CyberSecure Specialist

SQL Injection Vulnerabilities in Oracle E-Business Suite

Systems Affected: Oracle Applications 11.0 (all releases); Oracle E-Business Suite 11i, 11.5.1 through 11.5.8
Overview: A vulnerability in Oracle’s E-Business Suite allows a remote attacker to execute arbitrary script on a vulnerable database system. Exploitation may lead to compromise of the database application, data integrity, or underlying operating system.
Description: Oracle E-Business Suite is a set of applications and modules that enables an organization to manage customer interactions, deliver services, manufacture products, ship orders,…

CVS Heap Overflow Vulnerability

Systems Affected: Concurrent Versions System (CVS) versions prior to 1.11.16; CVS Features versions prior to 1.12.8
Overview: A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system.
Description: CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory overflow vulnerability in the way CVS handles the…

Vulnerabilities in TCP

Systems Affected: Systems that rely on persistent TCP connections, for example routers supporting BGP
Overview: Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may…

Cisco IOS SNMP Message Handling Vulnerability

Systems Affected: Cisco routers and switches running vulnerable versions of IOS. Vulnerable IOS versions known to be affected include: 12.0(23)S4, 12.0(23)S5; 12.0(24)S4, 12.0(24)S5; 12.0(26)S1; 12.0(27)S; 12.0(27)SV, 12.0(27)SV1; 12.1(20)E, 12.1(20)E1, 12.1(20)E2; 12.1(20)EA1; 12.1(20)EW, 12.1(20)EW1; 12.1(20)EC, 12.1(20)EC1; 12.2(12g), 12.2(12h); 12.2(20)S, 12.2(20)S1; 12.2(21), 12.2(21a); 12.2(23); 12.3(2)XC1, 12.3(2)XC2; 12.3(5), 12.3(5a), 12.3(5b); 12.3(6); 12.3(4)T, 12.3(4)T1, 12.3(4)T2, 12.3(4)T3; 12.3(5a)B; 12.3(4)XD, 12.3(4)XD1
Overview: There is a vulnerability in Cisco’s Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process…

Multiple Vulnerabilities in Microsoft Products

Systems Affected: Microsoft Windows Operating Systems; Microsoft Windows Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) subsystems; Microsoft Windows MHTML Protocol Handler; Microsoft Jet Database Engine
Overview: Microsoft Corporation has released a series of security bulletins affecting most users of the Microsoft Windows operating system. Users of systems running Microsoft Windows are strongly encouraged to visit the Windows Security Updates for April 2004 and take actions appropriate to their system…

Summary of Windows Security Updates for April 2004

Systems Affected: Systems running Microsoft Windows
Overview: There are multiple vulnerabilities in Microsoft Windows that could allow attackers to take control of your computer.
Description: Microsoft has released Windows Security Updates for April 2004, which addresses multiple vulnerabilities in the Microsoft Windows operating system. Three of the four updates are considered critical, so users should apply the updates as soon as possible. A technical description of these vulnerabilities is available…

Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler

Systems Affected: Microsoft Windows systems
Overview: A cross-domain vulnerability in the Outlook Express MIME Encapsulation of Aggregate HTML Documents (MHTML) protocol handler could allow an attacker to execute arbitrary code with the privileges of the user invoking the handler. The attacker may also be able to read and manipulate data on web sites in other domains or zones.
Description: There is a cross-domain vulnerability in the way the Outlook Express…

Continuing Threats to Home Users

Alert (SA04-079A)
Original Release date: March 19, 2004 | Last revised: —
Overview: There are a number of pieces of malicious code spreading on the Internet through email attachments, peer-to-peer file sharing networks and known software vulnerabilities. Intruders target home users who have cable modem and DSL connections because many home users do not keep their machines up…

Multiple Vulnerabilities in OpenSSL

Systems Affected: Applications and systems that use the OpenSSL SSL/TLS library
Overview: Several vulnerabilities in the OpenSSL SSL/TLS library could allow an unauthenticated, remote attacker to cause a denial of service.
Description: OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications including…

Vulnerability in Microsoft Outlook 2002

Systems Affected: Systems running Microsoft Office XP and Outlook 2002
Overview: There is a vulnerability in Outlook 2002 that could allow attackers to take control of your computer.
Description: By taking advantage of the way Outlook interprets email links, an attacker may be able to gain control of your computer. A technical description of these vulnerabilities is available from US-CERT in TA04-070A and from Microsoft in MS04-009.
Resolution: Apply a…
