Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
June 2008
 Right Arrow
Su M Tu W Th F Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    June 04, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    June 4HP Instant Support ActiveX Control Vulnerabilities
    June 4Sun Releases Java ASP Server 4.0.3
    June 4United States Tax Court Phishing Attack
    June 2Microsoft Releases Security Advisory
    June 2VMware Releases Security Advisory
    May 29Samba Releases Version 3.0.30
    May 29Apple Releases Security Updates
    May 28Adobe Flash Player Vulnerability
    May 28Cisco Releases Security Advisory
    May 22IBM Lotus Sametime Vulnerability


    HP Instant Support ActiveX Control Vulnerabilities

    added June 4, 2008 at 02:37 pm

    HP has released a support document to address multiple vulnerabilities in the Instant Support ActiveX control (HPISDataManager.dll). These vulnerabilities may allow a remote attacker to execute arbitrary code.

    US-CERT encourages users to review the HP Support Document and upgrade to Instant Support v1.0.0.24 or apply the workarounds listed in the Support Document.


    Sun Releases Java ASP Server 4.0.3

    added June 4, 2008 at 02:12 pm

    Sun has released Java ASP Server 4.0.3 to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the root user or the user running the Sun Java ASP server, obtain sensitive information, or bypass security restrictions.

    US-CERT encourages users to review Sun Alert 238184 and upgrade to Java ASP Server 4.0.3 or apply the workarounds listed in the Sun Alert.


    United States Tax Court Phishing Attack

    added May 15, 2008 at 03:15 pm | updated June 4, 2008 at 01:10 pm

    US-CERT is aware of public reports of a phishing attack circulating via email messages that claim to be petitions from the US Tax Court. These messages appear to be legitimate because they may contain very specific information about the message recipient. The message requests that the user follow a link to download additional information or documents. If a user clicks on this link, the website attempts to use JavaScript to install a bogus root certificate that is supposedly issued by "VeriSign Trust Network." The user will normally receive several warnings when the JavaScript code attempts to install the certificate.

    If the certificate installs successfully, the browser is redirected to another page that attempts to install an ActiveX control. The user may be prompted to allow the installation, and because the control is signed, it will appear to be legitimate. However, it is signed by a fake certificate for "Adobe Systems Incorporated," which is trusted by the bogus root certificate previously installed. The ActiveX control is a Browser Helper Object (BHO) that functions as an information stealer. Upon execution, it will attempt to download an update to itself and will then begin reading client certificates, stored passwords, cookies, browsing history, posted form data, and other information.

    Public reports indicate that the attack messages have the following attributes:

    • Messages appear to come from the "United State Tax Court." (Note the missing "s" on "State.")
    • The URL within the message appears to link to the "ustax-courts.com" domain.
    US-CERT encourages users to do the following to help mitigate the risk:
    • Review the alert posted by the United States Tax Court regarding this issue.
    • Do not follow unsolicited web links received in email messages.
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
    • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
    • Install anti-virus software and keep virus signature files up to date.
    • Pay close attention to warning messages and prompts.


    Microsoft Releases Security Advisory

    added June 2, 2008 at 11:47 am

    Microsoft has released Security Advisory 953818 to address reports of a blended threat that affects Windows users who have installed Apple's Safari web browser. According to the advisory, by convincing a user to visit a specially crafted website, an attacker may be able to execute arbitrary code on an affected system due to Safari's default file downloading behavior and the way that Windows Internet Explorer handles the downloaded files.

    US-CERT encourages users to review Microsoft Security Advisory 953818. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.

    US-CERT will provide additional information as it becomes available.


    VMware Releases Security Advisory

    added June 2, 2008 at 09:46 am

    VMware has released a security advisory indicating that updates are available for VMware Workstation, VMware Player, VMware ACE, and VMware Fusion. These updates address multiple vulnerabilities that may allow an attacker to execute arbitrary code in the context of the "vmx" process on the host system or to bypass security restrictions.

    US-CERT encourages users to review VMware Security Advisory VMSA-2008-0008 and apply any necessary updates.


    Samba Releases Version 3.0.30

    added May 29, 2008 at 09:26 am

    Samba has released version 3.0.30 to address a vulnerability. This vulnerability is due to a heap-based buffer overflow condition in the receive_smb_raw() routine. By sending a specially crafted SMB response, an attacker may be able to execute arbitrary code on the affected system.

    US-CERT encourages users to review the Samba Security Announcement and apply appropriate patches from their vendor, upgrade to Samba 3.0.30, or apply the patch supplied by the Samba development team.


    Apple Releases Security Updates

    added May 29, 2008 at 07:43 am

    Apple has released Mac OS X v10.5.3 and Security Update 2008-003 to address multiple vulnerabilities. These vulnerabilities affect a number of applications, libraries and the kernel. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, access the system with escalated privileges, obtain sensitive information, conduct cross-site scripting attacks or cause a denial-of-service condition.

    US-CERT encourages users to review Apple Article HT1897 and apply any necessary updates.


    Adobe Flash Player Vulnerability

    added May 27, 2008 at 06:44 pm | updated May 28, 2008 at 06:03 pm

    US-CERT is aware of public reports of active exploitation of a vulnerability in Adobe Flash Player. By convincing a user to open a specially crafted Flash file, which may be embedded in a compromised website, a remote, unauthenticated attacker may be able to execute arbitrary code.

    US-CERT encourages users to review the following and apply any necessary workarounds to help mitigate the risks:

    US-CERT will provide more information as it becomes available.


    Cisco Releases Security Advisory

    added May 28, 2008 at 01:24 pm

    Cisco has released a Security Advisory to address a vulnerability in CiscoWorks Common Services. This vulnerability may allow a remote attacker to execute arbitrary code.

    US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080528-cw and apply any necessary updates or workarounds.


    IBM Lotus Sametime Vulnerability

    added May 22, 2008 at 10:23 am

    IBM has released a Technote to address a vulnerability in Lotus Sametime. This vulnerability is due to an error in the way long URLs are processed within the Community Services Multiplexer (StMux.exe). By sending a specially crafted URL, an attacker may be able to cause a stack-based buffer overflow and execute arbitrary code.

    US-CERT encourages users to review the IBM Technote "Potential stack overflow vulnerability with IBM Lotus Sametime Community Services multiplexer (MUX)" and apply any necessary updates or workarounds.