Malware

Systems Affected   Microsoft Windows systems   Overview   Microsoft has released a security update for Internet Explorer (IE) that disables the ADODB.Stream ActiveX control. This update reduces the impact of attacks against cross-domain vulnerabilities in IE.   Description   A class of vulnerabilities in IE allows malicious script from one domain to execute in a different domain which may also be in a different IE security zone. Attackers typically seek to execute script in…

Read More

Systems Affected ISC DHCP versions 3.0.1rc12 and 3.0.1rc13 Overview Two vulnerabilities in the ISC DHCP allow a remote attacker to cause a denial of the DHCP service on a vulnerable system. It may be possible to exploit these vulnerabilities to execute arbitrary code on the system. Description As described in RFC 2131, “the Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network.” The Internet Systems Consortium’s…

Read More

Systems Affected   Microsoft Windows systems   Overview   A cross-domain vulnerability in Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the user running IE.   Description   There is a cross-domain vulnerability in the way IE determines the security zone of a browser frame that is opened in one domain then redirected by a web server to a different domain. A complex set of conditions is involved,…

Read More

Systems Affected   Microsoft Windows systems   Overview   Microsoft Internet Explorer (IE) contains a flaw that could allow attackers to run programs of their choice on your computer.   Description   Microsoft IE uses a cross-domain security model to separate content from different sources. A flaw in the model makes IE vulnerable to a cross-domain violation. Attackers could exploit this flaw to execute programs on your computer. Resolution Apply a patch Micrososft has released…

Read More

Systems Affected Oracle Applications 11.0 (all releases) Oracle E-Business Suite 11i, 11.5.1 through 11.5.8 Overview A vulnerability in the Oracle’s E-Business Suite allows a remote attacker to execute arbitrary script on a vulnerable database system. Exploitation may lead to compromise of the database application, data integrity, or underlying operating system. Description Oracle E-Business Suite is a set of applications and modules that enables an organization to manage customer interactions, deliver services, manufacture products, ship orders,…

Read More

Systems Affected   Concurrent Versions System (CVS) versions prior to 1.11.16 CVS Features versions prior to 1.12.8   Overview   A heap overflow vulnerability in the Concurrent Versions System (CVS) could allow a remote attacker to execute arbitrary code on a vulnerable system.   Description   CVS is a source code maintenance system that is widely used by open-source software development projects. There is a heap memory overflow vulnerability in the way CVS handles the…

Read More

Systems Affected Systems that rely on persistent TCP connections, for example routers supporting BGP Overview Most implementations of the Border Gateway Protocol (BGP) rely on the Transmission Control Protocol (TCP) to maintain persistent unauthenticated network sessions. There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition; in the case of BGP systems, portions of the Internet community may…

Read More

Systems Affected Cisco routers and switches running vulnerable versions of IOS. Vulnerable IOS versions known to be affected include: 12.0(23)S4, 12.0(23)S5 12.0(24)S4, 12.0(24)S5 12.0(26)S1 12.0(27)S 12.0(27)SV, 12.0(27)SV1 12.1(20)E, 12.1(20)E1, 12.1(20)E2 12.1(20)EA1 12.1(20)EW, 12.1(20)EW1 12.1(20)EC, 12.1(20)EC1 12.2(12g), 12.2(12h) 12.2(20)S, 12.2(20)S1 12.2(21), 12.2(21a) 12.2(23) 12.3(2)XC1, 12.3(2)XC2 12.3(5), 12.3(5a), 12.3(5b) 12.3(6) 12.3(4)T, 12.3(4)T1, 12.3(4)T2, 12.3(4)T3 12.3(5a)B 12.3(4)XD, 12.3(4)XD1 Overview There is a vulnerability in Cisco’s Internetwork Operating System (IOS) SNMP service. When vulnerable Cisco routers or switches process…

Read More

Systems Affected   Microsoft Windows Operating Systems Microsoft Windows Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) subsystems Microsoft Windows MHTML Protocol Handler Microsoft Jet Database Engine   Overview   Microsoft Corporation has released a series of security bulletins affecting most users of the Microsoft Windows operating system. Users of systems running Microsoft Windows are strongly encouraged to visit the Windows Security Updates for April 2004 and take actions appropriate to their system…

Read More

Systems Affected   Systems running Microsoft Windows   Overview   There are multiple vulnerabilities in Microsoft Windows that could allow attackers to take control of your computer.   Description   Microsoft has released Windows Security Updates for April 2004, which addresses multiple vulnerabilities in the Microsoft Windows operating system. Three of the four updates are considered critical, so users should apply the updates as soon as possible. A technical description of these vulnerabilities is available…

Read More