Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Secunia Weekly Summary - Issue: 2009-47

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 23 Nov 2009 00:41:07 -0600 (CST)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2009-11-13 - 2009-11-20                        

                       This week: 72 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Blog: Microsoft Windows SMB Response Denial of Service Clarifications

A PoC was published recently on Full-Disclosure, completely hanging an
up-to-date Windows 7 or Windows Server 2008 R2 system when an SMB
connection is established to a malicious server.

At first glance, and if trusting the reported cause of the
vulnerability, the PoC seems to send a full SMB packet in which the
size is four bytes smaller than expected.

Upon a more careful inspection, seemingly due to an error in the Python
script, it was noticed to send only four bytes to an affected system,
containing only the NetBIOS header, which defines the size of the
following SMB packet.

Read More:
http://secunia.com/blog/66/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Warcraft III: The Frozen
Throne, which can be exploited by malicious people to potentially
compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/37390/

 --

Secunia Research has discovered a vulnerability in Gimp, which
potentially can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/37348/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA37231] Sun Java JDK / JRE Multiple Vulnerabilities
2.  [SA37318] Microsoft Windows Win32k Kernel-Mode Driver Multiple
              Vulnerabilities
3.  [SA24314] Internet Explorer Charset Inheritance Cross-Site
              Scripting Vulnerability
4.  [SA35948] Adobe Flash Player Multiple Vulnerabilities
5.  [SA37314] Windows Web Services on Devices API Memory Corruption
              Vulnerability
6.  [SA37273] Google Chrome Two Vulnerabilities
7.  [SA36983] Adobe Reader/Acrobat Multiple Vulnerabilities
8.  [SA37313] Apple Mac OS X Security Update Fixes Multiple
              Vulnerabilities
9.  [SA37277] Microsoft Office Word File Information Block Parsing
              Buffer Overflow
10. [SA37309] Microsoft Windows Win32k Kernel-Mode Driver Privilege
              Escalation

========================================================================
4) This Week in Numbers

During the past week 72 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This weeks Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
  Windows             :      8 Secunia Advisories
  Unix/Linux          :     31 Secunia Advisories
  Other               :      2 Secunia Advisories
  Cross platform      :     31 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :     10 Secunia Advisories
  Moderately Critical :     15 Secunia Advisories
  Less Critical       :     41 Secunia Advisories
  Not Critical        :      6 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support () secunia com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: