Two patching items to report this morning: one affecting Cisco Security Agent (CSA), the other OpenOffice.
First, the CSA flaw, as described in Cisco advisory cisco-sa-20071205-csa: A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution. The vulnerability is triggered during processing of a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol.
Cisco has released free software updates that address this vulnerability.
Next, the OpenOffice issue, as described in CVE-2007-4575: A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. All versions prior to OpenOffice.org 2.3.1 are affected.
This issue is addressed in HSQLDB 220.127.116.11 and OpenOffice.org 2.3.1.