Advisory #227 - QuickTime, Paint Shop Pro, Photoshop, Multiple News

by Sunnet Beskerming Alert mailing list

Sûnnet Beskerming Alert List Advisory #227

You are receiving this message because you have subscribed to our  
Information Security Alert Mailing List, or have been selected for a  
specific one-off copy.  If you believe that you are receiving this  
message in error, please contact info@... to resolve the  
error.

Why not upgrade to get same day notification on security threats?  
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your  
company?
(http://www.beskerming.com/premium/focussed_advisory.html)


Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 QuickTime (Multiple)
        - Remote Hacker Automatic Control
        - Time Since Discovery - 3 Days
1.2 Paint Shop Pro
        - Remote Hacker Automatic Control
        - Time Since Discovery - 2 Days
1.3 Photoshop
        - Remote Hacker Automatic Control
        - Time Since Discovery - 2 Days
=======================================
/*
        - Remote or Local - Can it be achieved through a network or does it  
require physical access?
        - Hacker - The bad guy
        - Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
        - Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2.    NEWS
--------------------------------------------------------------------
2.1 On Your Way Out, Don't Forget The Door
2.2 Malaysia Is Watching
=====================================

1. SECURITY

1.1 QuickTime (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        QuickTime 7.x and earlier

        -- Technical Description --
        Numerous vulnerabilities have been disclosed in Apple's QuickTime  
media player and media format.  At least one arbitrary remote code  
execution flaw exists within the QuickTime Java component (which was  
used to defeat the test system at CanSecWest).  Two other arbitrary
code execution flaws have been disclosed with the .mov and .mp4 file  
handling components, complete with detailed proof of concept files  
that demonstrate the flaws.

        -- Description --
        Following initial confusion about the nature of the vulnerability  
used to compromise the test OS X system at the recent CanSecWest  
conference, it has been disclosed that it used a previously-
undisclosed vulnerability in the QuickTime Java component, which  
allows an attacker to take control of a victim's system once they  
have been convinced to view malicious content.  Following this  
disclosure, two other serious vulnerabilities with various QuickTime  
media handling libraries (.mov and .mp4) have been revealed, both  
allowing remote attackers to take control of a victim's system (at  
the same level as the victim) once they have been convinced to view  
malicious media files.

        -- Recommended Action --
        Exercise caution when interacting with remote QuickTime media until
Apple is able to release a patch to address the issue.  Users
should also ensure that they are not logged in as an administrator
for normal system usage.  Disabling Java support in OS X browsers
will prevent the QuickTime Java vector from working, though users
will still need to avoid .mov and .mp4 files (some protection is offered
by unchecking the Enable plug-ins option in Safari).

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                    U    O
        Home User   10   10   (Highly Critical)
        Corporate   10   10   (Highly Critical)


1.2 Paint Shop Pro - Remote Hacker Manual Control

        -- Products Affected --
        Corel Paint Shop Pro Photo v11.20

        -- Technical Description --
        A buffer overflow allowing arbitrary code execution when handling  
malicious .clp files has been discovered.  Full exploit code has  
already been released.

        -- Description --
        It has been discovered that there is a vulnerability in Paint Shop  
Pro's handling of .clp files, which can allow an attacker to take  
complete control of a vulnerable system, once they have convinced  
their victim to open a malicious file.

        -- Recommended Action --
        Avoid opening .clp files from untrusted sources until Corel is able  
to release a patch to address this issue.

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                    U    O
        Home User   6    6    (High)
        Corporate   6    6    (High)


1.3 Photoshop - Remote Hacker Manual Control

        -- Products Affected --
        Adobe Photoshop CS2, CS3

        -- Technical Description --
        An unspecified buffer overflow in Photoshop's handling of .bmp files  
has been discovered, with complete exploit code released.  The  
provided exploit code will allow control of a vulnerable system when  
Photoshop handles malicious .bmp, .dib or .rle files.

        -- Description --
        Adobe Photoshop has been discovered to be vulnerable to an  
unspecified problem which can allow an attacker to take control of a  
vulnerable system provided that a victim can be convinced to interact  
with a malicious .bmp file.

        -- Recommended Action --
        Avoid .bmp, .rle, and .dib files from untrusted sources until Adobe  
is able to release a patch to address this issue.

        -- Source --
        (Paid subscription required to access)

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                    U    O
        Home User   6    6    (High)
        Corporate   6    6    (High)

=======================================
/*
Threat Matrix:
        U - User
        O - Operator
        Harmless - 0 ----- 10 - Highly Critical
*/
=======================================
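
An added example, not part of the original advisory: one way a mail gateway could hold attachments of the file types named in items 1.1 to 1.3 for review until patches are available. The content signatures, function names and sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# File types named in items 1.1-1.3 of this advisory.
RISKY_EXT = {".mov", ".mp4", ".clp", ".bmp", ".dib", ".rle"}

def sniff(data):
    """Coarse type from leading bytes, to catch renamed files.
    Signatures are assumptions of this example, not from the advisory."""
    if data[:2] == b"BM":                      # Windows bitmap (.bmp/.dib/.rle)
        return "bitmap"
    if data[4:8] in (b"ftyp", b"moov", b"mdat", b"wide", b"free"):
        return "QuickTime/MP4"                 # first atom type at offset 4
    return None

def flag_attachments(raw):
    """Return [(filename, reason)] for attachments to hold for review."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        kind = sniff(part.get_payload(decode=True) or b"")
        if ext in RISKY_EXT:
            hits.append((name, "extension " + ext))
        elif kind:
            hits.append((name, "content looks like " + kind))
    return hits

def build_sample():
    """Constructed test message; payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    files = [
        ("holiday.mov", b"\x00\x00\x00\x14ftypqt  " + b"\x00" * 8),
        ("clipboard.CLP", b"\x00" * 16),
        ("invoice.dat", b"BM" + b"\x00" * 14),   # bitmap renamed to .dat
        ("notes.pdf", b"%PDF-1.4\n"),
    ]
    for name, data in files:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return bytes(msg)

if __name__ == "__main__":
    for name, reason in flag_attachments(build_sample()):
        print(name, "->", reason)
```

Checking content as well as the extension matters because a renamed file can still reach the vulnerable handler if the recipient opens it in the affected application.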

2. NEWS

2.1 On Your Way Out, Don't Forget The Door

The former CEO at eEye, Ross Brown, used to maintain a blog where he  
discussed various activities related to eEye - at least until his  
recent, sudden departure.

Since his departure, the blog fell silent until an unknown hacker (or
group of hackers) gained posting access to the blog and launched a
tirade against him, eEye, and the Information Security industry in
general.  Mixed in with the tirade were full personal details for Ross
Brown, including his home address, phone number, and enough
information to suggest that the attacker(s) also had his full credit
card details.

It appears that whoever managed to gain access to the blog claims  
association with pr0j3kt m4yh3m, a group known for their attacks  
against Information Security figureheads and companies.  The attack  
serves to highlight the importance of keeping authentication details  
and records secure, especially for people who are seen as public  
mouthpieces for companies or other groups.


2.2 Malaysia Is Watching

The Malaysian government is set to create a unit with the goal of  
countering the 'lies' being spread on the Internet about government  
policies.  Effectively, the unit will be engaged in Information  
Warfare and propaganda, with the stated goals of "working to  
disseminate information, explain correct information and counter the  
misinformation on government policies".

Historically, there have been verbal attacks against bloggers by
government representatives, who have accused the bloggers of
spreading slander and gossip.  Threats of tighter Internet controls
and other punitive measures are also used in an attempt to keep
web users in line.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd.
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.
_______________________________________________
Alertmailinglist mailing list
Alertmailinglist@...
http://skiifwrald.com/mailman/listinfo/alertmailinglist_skiifwrald.com