"A memory corruption vulnerability exists in a library Microsoft Windows Explorer uses to parse document summary information," US-CERT said. "This vulnerability can be triggered by accessing a specially crafted document, or by accessing the folder containing the document. Exploit code is available for this vulnerability."
The complete impact of this vulnerability is not known, US-CERT said. Memory corruption does occur, but it is not clear if this can be leveraged to execute arbitrary code. "At a minimum, this vulnerability will cause Microsoft Windows Explorer to crash," the organization said.
US-CERT recommended users avoid opening unfamiliar or unexpected Office documents and refrain from file name extension filtering.
Microsoft said it is investigating the issue, but it isn't clear when the problem will be fixed. Microsoft announced Thursday it will not be releasing a security update this month.
GnuPG flaw could compromise signed messages
Researchers at Core Security Inc. have identified a flaw in the GNU Privacy Guard cryptographic system that allows an attacker to insert his own text into a GnuPG-signed message, or even completely replace the original text of the signed message.
The vulnerability is not in the encryption algorithm itself, but rather in the way that GnuPG interacts with the third-party applications that use it. The list of affected mail packages is extensive, and includes GNUMail, KMail, Enigmail and Mutt, among many others. The Free Software Foundation, which maintains GnuPG, has released a new version of the program and has posted an advisory about the problem on its site. The FSF decided to release its own fix rather than have each of the third-party developers patch their applications because of the large number of applications the vulnerability affects.
GnuPG is widely used by open-source email applications and other programs that require encryption, and not just in the Windows world. For example, there is a plug-in called GPGMail that can be used to send and receive encrypted messages via the mail client in Apple Computer Corp.'s Mac OS X operating system.
Mozilla warns of a new Firefox glitch
Mozilla has acknowledged a new flaw in Firefox and SeaMonkey attackers could exploit to bypass security restrictions and hijack targeted machines. The latest versions of those programs correct the problem.
A regression error occurs when the programs process certain IMG tags. Attackers who successfully lure users to a malicious Web page could then exploit the flaw to bypass restrictions and run arbitrary code.
The flaw specifically affects Firefox version 220.127.116.11 and 18.104.22.168; and SeaMonkey 1.0.7.
Users will be protected from the flaw by upgrading to Firefox 22.214.171.124 or 126.96.36.199; or SeaMonkey 1.1.1 or 1.0.8.
Mozilla released those versions last week to fix more than 10 other Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.
Apple fixes multiple QuickTime flaws
Apple Monday urged users of its QuickTime media player to upgrade to the latest version to correct multiple security flaws attackers could exploit to run insidious code on targeted machines by luring the user to a malicious Web site.
The French Security Incident Response Team (FrSIRT) rated the flaws critical in an advisory. It described the flaws as:
The flaws affect Apple QuickTime 7.1.4 and prior. The solution is to upgrade to QuickTime 7.1.5.
WordPress upgrade fixes 'dangerous' flaw
Developers of the open source blogging platform WordPress say users should upgrade to version 2.1.2 immediately to address a "dangerous" security hole an attacker recently managed to exploit.
"If you downloaded WordPress 2.1.1 within the past three to four days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately," the developers said in a warning on its WordPress Web site.
The development team said it received a message about unusual and highly exploitable code in WordPress, and an investigation confirmed that an attacker had modified version 2.1.1 from its original code.
"It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file," the advisory said. "We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution."
Although not all downloads of 2.1.1 were affected, the developers said they are declaring the entire version dangerous and have released version 2.1.2, which includes minor updates and entirely verified files. The team is also instituting new preventative measures, "not the least of which is minutely external verification of the download package so we'll know immediately if something goes wrong for any reason," the advisory said. The team has also reset passwords for a number of users with SVN and other access.
The advisory urged users to help find and replace vulnerable versions of the program:
"If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files [and] check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade," the advisory said.