CyberSecurity Institute

“Attackers are already using the JView Profiler flaw to download and install Trojan horses on victims’ machines,” said Dan Hubbard, senior director at Websense Security Labs. The Trojan horses would let the miscreants remotely control the hijacked PCs and make it part of a network of such computers known as a botnet, an increasing cyberthreat.

The other vulnerabilty affects the Microsoft Color Management Module, a component of Windows that handles colors.

The Windows vulnerabilities are described in two bulletins issued as part of Microsoft’s monthly patch cycle.

A third alert deals with a bug affecting Word 2000 and Word 2002. The Word flaw could allow an attacker to take control of a vulnerable PC, the software maker said.

http://news.zdnet.co.uk/0,39020330,39208852,00.htm

The vulnerabilities make it possible for an attacker to trigger a heap overflow within a critical Call Manager process, causing both a denial of service condition and enabling an attacker to completely compromise the Call Manager server, ISS said.

“Like many of the applications that are driving today’s businesses, VoIP travels over a variety of networks and the public Internet and is therefore susceptible to the same security perils as other staple network components like e-mail, databases and servers,” Chris Rouland, chief technology officer at ISS, said in a statement. “We are aware of several vulnerabilities that potentially affect the Cisco Call Manager software.”

To date, Cisco is not aware of any active exploitation of these vulnerabilities and Cisco has made free software fix available,” the company said.

“An attacker may be able to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products,” the company said. No authentication is required for an attacker to exploit the vulnerability and compromise a network, according to ISS.

“Voice over Internet Protocol is increasingly being adopted by corporations that wish to save money on telecommunications costs and streamline their communication infrastructure, providing employees with advanced features while simplifying administration processes,” Rouland said.

http://siliconvalley.internet.com/news/article.php/3520351

“We’re starting to see a trend in vulnerability discovery where people are going after file format vulnerabilities,” said Michael Sutton, the director of iDefense Labs, the research arm of Reston, Va.-based security intelligence firm iDefense. “There have been numerous vulnerabilities found in image file formats and multimedia file formats,” Sutton went on. “Actually, the vulnerabilities don’t exist in the files themselves, but in the programs that read and interpret them.”

That’s the case with the Word vulnerability that Microsoft disclosed Tuesday. According to Microsoft’s security bulletin and iDefense’s own analysis, a specially-crafted Word file (in .doc format) containing extra-long font data can cause Word 2000 and Word 2002 to fail, and give the attacker complete access to the machine.

“If everyone plays by the [file format] rules, everything works fine,” said Sutton. “But what happens if I don’t follow that format?” The reason why attackers are increasingly looking for file format processing flaws, said Sutton, is that users are leery about accepting executable files, and most enterprises have blocked them from arriving as incoming e-mail attachments.

http://informationweek.com/story/showArticle.jhtml%3Bjsessionid=XQXHGZHLNPNA4QSNDBGCKHSCJUMEKJVN?articleID=165702181

One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system; MIT warned a successful attack could allow access to the entire authentication realm protected by the KDC.

Two of the flaws affect the Key Distribution Center (KDC), which authenticates users. One of these, a boundary error that can cause a heap-based buffer overflow via a TCP or UDP request, may be used to execute malicious code on a system

A third flaw, affecting the krb5_recvauth() function, could allow a remote attacker to take over a system. However, the but is a double-free error, where a program attempts to free memory that’s already been freed. “Exploitation of double-free vulnerabilities is believed to be difficult,” MIT said in its advisory.

[Editors note: Microsoft’s implementation of Kerberos should not be affected since they coded their particular implementation internally]

http://www.xatrix.org/article3963.html