Microsoft acquires antispyware firm
Microsoft's acquisition of GIANT Company Software Inc. will put it in a better position to battle the scourge of spyware, the company said in a Web site statement Thursday.
"Spyware is a serious and growing problem for PC users, and customers have made it clear that they want Microsoft to deliver effective solutions to protect against the threat," said Mike Nash, corporate vice president of the Security Business and Technology Unit at Microsoft. "Through this acquisition we're excited to be able to provide near-term relief to Windows customers by offering new technology to help keep spyware and other deceptive software off their PCs."
Microsoft plans to offer customers a beta version of a spyware protection, detection and removal tool based on the GIANT antispyware product within one month. It will be available for Microsoft Windows 2000 and later versions. The company has yet to announce the terms of the acquisition.
Vulnerability in Adobe Acrobat Reader
Attackers could launch malicious code using a vulnerability in Adobe Acrobat Reader, Reston, Va.-based security firm iDefense said in an advisory. Version 6.0.2 of the program, used to view Portable Document Format (PDF) files, contains a format string vulnerability. "The problem specifically exists in the parsing of .etd files used in eBook transactions," iDefense said. "A .etd file containing a format string in the 'title' or 'baseurl' fields can cause an invalid memory access."
Successful exploitation allows an attacker to execute arbitrary code under the privileges of the local user, iDefense said. "Remote exploitation is possible by sending a specially crafted e-mail and attaching either the maliciously crafted .pdf document or a link to it," the advisory added. The firm confirmed the problem in Adobe Reader 6.0.2, but warned earlier versions could be vulnerable. The advisory offers workarounds, but Adobe has addressed the problem in Acrobat Reader 6.0.3.
Multiple "highly critical" PHP flaws
PHP users are advised to upgrade to version 4.3.10 or 5.0.3 to fix multiple vulnerabilities attackers could use to gain escalated privileges, bypass security restrictions and access sensitive information, among other things. Danish security firm Secunia outlined 10 "highly critical" security holes in an advisory Thursday:
- An integer overflow in the "pack()" function can be exploited to cause a heap-based buffer overflow by passing some specially crafted parameters to the function. Successful exploitation bypasses the safe_mode feature and allows execution of arbitrary code with the privileges of the Web server.
- An integer overflow in the "unpack()" function can be exploited to leak information stored on the heap by passing specially crafted parameters to the function. In combination with the first vulnerability, this may also allow bypassing of heap canary protection mechanisms.
- An error within safe_mode when executing commands can be exploited to bypass the safe_mode_exec_dir restriction by injecting shell commands into the current directory name. Successful exploitation requires that PHP runs on a multi-threaded Unix Web server.
- An error in safe_mode combined with certain implementations of "realpath()" can be exploited to bypass safe_mode via a specially crafted file path.
- An error within the handling of file paths may potentially lead to file inclusion vulnerabilities. The problem is that "realpath()," which in some implementations truncate filenames, is used in various places to obtain the real path of a file.
- Various errors within the deserialization code can be exploited to disclose information or execute arbitrary code via specially crafted strings passed to the "unserialize()" function.
- An unspecified error in the "shmop_write()" function may result in an attempt to write to an out-of-bounds memory location.
- An unspecified error in the "addslashes()" function causes it to not escape "0" correctly.
- An unspecified boundary error exists in the "exif_read_data()" function when handling long section names.
- An unspecified error within "magic_quotes_gpc" may allow a one-level directory traversal when uploading files.
PHP is a widely-used scripting language for Web development that can be embedded into HTML.
Cisco offers workaround for Unity flaws
Cisco Systems said in an advisory that its Unity product is vulnerable to attack. "Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange," the company said. "The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages and perform administrative functions on the Unity system." The problem affects Cisco Unity versions 2.x, 3.x and 4.x when integrated with Microsoft Exchange, the company said. As a workaround, Cisco recommends users change the passwords for the following accounts:
- Esubscriber .
New flaw in Internet Explorer
Danish security firm Secunia said Thursday Internet Explorer is vulnerable to cross-site scripting attacks. "The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the 'execScript()' function in certain situations," Secunia said in its advisory. "This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site." The firm has devised a test that can be used to check if your browser is affected. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2, the firm added. As a workaround, Secunia recommends users set their security level to high for the "Internet" zone, disabling ActiveX support.