News Stay informed about the latest enterprise technology news and product updates.

Fixes arrive for Cisco Security Agent, OpenOffice

Two patching items to report this morning: one affecting Cisco Security Agent (CSA), the other OpenOffice.

First, the CSA flaw, as described in Cisco advisory cisco-sa-20071205-csa: A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution. The vulnerability is triggered during processing of a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol.

Cisco has released free software updates that address this vulnerability.

Next, the OpenOffice issue as described in CVE-2007-4575: A security vulnerability in HSQLDB, the default database engine shipped with 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. All versions prior to 2.3.1 are affected.

This issue is addressed in HSQLDB and 2.3.1.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.