Sûnnet Beskerming Alert List Advisory #227
Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 QuickTime (Multiple)
- Remote Hacker Automatic Control
- Time Since Discovery - 3 Days
1.2 Paint Shop Pro
- Remote Hacker Automatic Control
- Time Since Discovery - 2 Days
1.3 Photoshop
- Remote Hacker Automatic Control
- Time Since Discovery - 2 Days
=======================================
/*
- Remote or Local - Can it be achieved through a network or does it
require physical access?
- Hacker - The bad guy
- Manual or Automatic - Does the vulnerability need to be manually
performed, or can it be automated?
- Control, Denial of Service or Data Theft - Will the hacker get
control of your system / website, will they prevent you from using
it, or will they steal data.
*/
--------------------------------------------------------------------
2. NEWS
--------------------------------------------------------------------
2.1 On Your Way Out, Don't Forget The Door
2.2 Malaysia Is Watching
=====================================
1. SECURITY
1.1 QuickTime (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
QuickTime 7.x and earlier
-- Technical Description --
Numerous vulnerabilities have been disclosed in Apple's QuickTime
media player and media format. At least one arbitrary remote code
execution flaw exists within the QuickTime Java component (which was
used to defeat the test system at CanSecWest). Two other arbitrary
code execution flaws have been disclosed with the .mov and .mp4 file
handling components, complete with detailed proof of concept files
that demonstrate the flaws.
-- Description --
Following initial confusion about the nature of the vulnerability
used to compromise the test OS X system at the recent CanSecWest
conference, it has been disclosed that the compromise used a
previously undisclosed vulnerability in the QuickTime Java component,
which allows an attacker to take control of a victim's system once
the victim has been convinced to view malicious content. Following
this disclosure, two other serious vulnerabilities in various
QuickTime media handling libraries (.mov and .mp4) have been
revealed, both allowing remote attackers to take control of a
victim's system (with the same privileges as the victim) once the
victim has been convinced to view malicious media files.
-- Recommended Action --
Exercise caution when interacting with remote QuickTime media until
Apple is able to release a patch to address the issue. Users should
also ensure that they are not logged in as an administrator for
normal system usage. Disabling Java support in OS X browsers will
prevent the QuickTime Java vector from working, though users will
still need to avoid .mov and .mp4 files (unchecking the Enable
plug-ins option in Safari offers some protection).
-- Source --
(Paid subscription required to access)
-- Updates Available --
(Paid subscription required to access)
-- External Tracking Data --
(Paid subscription required to access)
-- Threat Matrix --
             U    O
Home User   10   10   (Highly Critical)
Corporate   10   10   (Highly Critical)
1.2 Paint Shop Pro - Remote Hacker Manual Control
-- Products Affected --
Corel Paint Shop Pro Photo v11.20
-- Technical Description --
A buffer overflow allowing arbitrary code execution when handling
malicious .clp files has been discovered. Full exploit code has
already been released.
-- Description --
It has been discovered that there is a vulnerability in Paint Shop
Pro's handling of .clp files, which can allow an attacker to take
complete control of a vulnerable system, once they have convinced
their victim to open a malicious file.
-- Recommended Action --
Avoid opening .clp files from untrusted sources until Corel is able
to release a patch to address this issue.
-- Source --
(Paid subscription required to access)
-- Updates Available --
(Paid subscription required to access)
-- External Tracking Data --
(Paid subscription required to access)
-- Threat Matrix --
             U    O
Home User    6    6   (High)
Corporate    6    6   (High)
1.3 Photoshop - Remote Hacker Manual Control
-- Products Affected --
Adobe Photoshop CS2, CS3
-- Technical Description --
An unspecified buffer overflow in Photoshop's handling of .bmp files
has been discovered, with complete exploit code released. The
provided exploit code will allow control of a vulnerable system when
Photoshop handles malicious .bmp, .dib or .rle files.
-- Description --
Adobe Photoshop has been discovered to be vulnerable to an
unspecified problem which can allow an attacker to take control of a
vulnerable system provided that a victim can be convinced to interact
with a malicious .bmp file.
-- Recommended Action --
Avoid .bmp, .rle, and .dib files from untrusted sources until Adobe
is able to release a patch to address this issue.
-- Source --
(Paid subscription required to access)
-- Updates Available --
(Paid subscription required to access)
-- External Tracking Data --
(Paid subscription required to access)
-- Threat Matrix --
             U    O
Home User    6    6   (High)
Corporate    6    6   (High)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
2. NEWS
2.1 On Your Way Out, Don't Forget The Door
The former CEO at eEye, Ross Brown, used to maintain a blog where he
discussed various activities related to eEye - at least until his
recent, sudden departure.
After his departure, the blog fell silent until an unknown hacker (or
group of hackers) gained posting access to the blog and launched a
tirade against him, eEye, and the Information Security industry in
general. Mixed in with the tirade were full personal details for Ross
Brown, including his home address, phone number, and enough
information to suggest that the attacker(s) also had his full credit
card details.
It appears that whoever managed to gain access to the blog claims
association with pr0j3kt m4yh3m, a group known for their attacks
against Information Security figureheads and companies. The attack
serves to highlight the importance of keeping authentication details
and records secure, especially for people who are seen as public
mouthpieces for companies or other groups.
2.2 Malaysia Is Watching
The Malaysian government is set to create a unit with the goal of
countering the 'lies' being spread on the Internet about government
policies. Effectively, the unit will be engaged in Information
Warfare and propaganda, with the stated goals of "working to
disseminate information, explain correct information and counter the
misinformation on government policies".
Historically, there have been verbal attacks against bloggers by
government representatives, who have accused the bloggers of
spreading slander and gossip. Threats of tighter Internet controls
and other punitive measures are also used in an attempt to keep
web users in line.
=======================================
Sincerely,
Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444
** Sûnnet Beskerming Pty. Ltd. **
Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist
and, in conjunction with the tools developed by Jongsma & Jongsma
Pty. Ltd., provides total security solutions and services, from the
perimeter to internal data stores, including web application security
and security testing and analysis.