Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
April 2008
 Right Arrow
Su M Tu W Th F Sa
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    April 14, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    April 14ClamAV PE Scanning Vulnerability
    April 14Oracle Issues Pre-Release Announcement for April Critical Patch Update
    April 14EMC DiskXtender Vulnerabilities
    April 11Active Exploitation of GDI Vulnerabilities
    April 9Email Attack Circulating
    April 9Adobe Flash Player Vulnerabilities
    April 9IBM Lotus Notes Vulnerabilities
    April 8Microsoft Releases April Security Bulletin
    April 7Email Attack Targeting Microsoft's April Security Bulletin Release Cycle
    April 4RealPlayer Update Released


    ClamAV PE Scanning Vulnerability

    added April 14, 2008 at 03:32 pm | updated April 14, 2008 at 03:42 pm

    US-CERT is aware of reports of a vulnerability in the Clam AntiVirus ClamAV product. This vulnerability occurs because ClamAV fails to properly process executables that were compressed with the Upack compressor. This vulnerabilty is due to a buffer overflow condition that exists in the code responsible for scanning PE (Portable Executable) files.  This vulnerability might allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    To help mitigate the impact of this vulnerability in the ClamAV scanning engine, users are encouraged to run ClamAV using a limited user account.


    Oracle Issues Pre-Release Announcement for April Critical Patch Update

    added April 14, 2008 at 03:17 pm

    Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.  

    The announcement further states that there are:

    • 17 updates for Oracle Database
    • 3 updates for Oracle Enterprise Manager
    • 11 updates for Oracle E-Business Suite
    • 1 update for the Oracle Enterprise Manager
    • 3 updates for Oracle PeopleSoft Enterprise products
    • 6 updates for Oracle Siebel SimBuilder products
    The release is scheduled for Tuesday, April 15, 2008.

    We will provide additional information as it becomes available.


    EMC DiskXtender Vulnerabilities

    added April 14, 2008 at 03:17 pm

    US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system.

    US-CERT encourages registered EMC Powerlink users to visit EMC's website for additional information regarding these vulnerabilities.  


    Active Exploitation of GDI Vulnerabilities

    added April 11, 2008 at 02:03 pm

    US-CERT is following public reports indicating that attackers are attempting to exploit vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable.

    Additional information about these vulnerabilities is available in the Vulnerability Notes Database. More information about the exploit attempts is available from Symantec.

    US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks.


    Email Attack Circulating

    added April 9, 2008 at 03:06 pm

    US-CERT has seen reports of an email attack that is circulating. This attack is in the form of an email message with the subject line "Evacuation process has been started due to radiation leaks at San Clemente Nucklear Power Station." The message body states that the information is from a trusted news source and encourages users to follow a link to view a video. This link may direct users to a website hosting malicious code.

    US-CERT encourages users to do the following to help mitigate the risk:

    US-CERT will provide more information as it becomes available.


    Adobe Flash Player Vulnerabilities

    added April 9, 2008 at 07:34 am | updated April 9, 2008 at 10:36 am

    Adobe has released Flash Player 9.0.124.0 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.

    More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-100A.

    US-CERT encourages users to review Adobe Security Bulletin APSB08-11 and upgrade to Flash Player 9.0.124.0 to help mitigate the risks.


    IBM Lotus Notes Vulnerabilities

    added April 9, 2008 at 08:57 am

    IBM has released Technote 1298453 to address multiple vulnerabilities in Lotus Notes. These vulnerabilities are due to improper handling of the following file types:

    • Applix Presents (.ag)
    • Folio Flat File (.fff)
    • HTML speed reader (.htm)
    • KeyView document viewing engine
    • Text mail (MIME)
    By convincing a user to open a specially crafted file attachment, an attacker may be able to execute arbitrary code.

    US-CERT encourages users to review IBM Technote 1298453 and apply the appropriate updates or workarounds.


    Microsoft Releases April Security Bulletin

    added April 8, 2008 at 02:33 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic.

    More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-099.

    US-CERT encourages user to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Email Attack Targeting Microsoft's April Security Bulletin Release Cycle

    added April 7, 2008 at 03:11 pm

    US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages with the subject line "Critical Patch Released: Microsoft Security Bulletin MS08-64738." These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan.

    US-CERT encourages users to do the following to help mitigate the risks:


    RealPlayer Update Released

    added April 4, 2008 at 02:35 pm

    RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of  multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

    US-CERT encourages users to do the following to help mitigate the risk:

    US-CERT will provide more information as it becomes available.