Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] New vulns in PowerPoint and IE




http://isc.sans.org/diary.php
        
Handler's Diary September 28th 2006

Powerpoint, yet another new vulnerability (NEW)
Published: 2006-09-28,
Last Updated: 2006-09-28 02:09:35 UTC by Swa Frantzen (Version: 1)

Microsoft confirms yet another powerpoint vulnerability that leads to
code execution.

References

    * Security Advisory 925984
    * CVE-2006-4694
    * avertlabs blog

Detection

McAfee has a writeup of the exploit they detected against this
vulnerability to connect back to http:// mylostlove1 .6600
.org/[CENSORED] but variants of this will most likely connect to other
places.

Affected

It seems all supported versions of Office are affected. It's interesting
to note that Microsoft also lists the Apple versions of Office as
vulnerable.

Delivery vectors are basically all means to get the file to you,
including web, email, thumb drives, CDs, ...

Defenses

    * Do not open ... but we all know how easy it is to social
      engineer people into opening things anyway.
    * Use the PowerPoint Viewer 2003 (nah, not an option if you have a
      Mac).
    * Filter and/or quarantine powerpoint files in the perimeter
      (prevent powerpoint email attachments and getting powerpoint files on
      the web), but it's not easy as it has genuine uses and it has the
      potential of not needing the ".ppt" file extension.
    * Keep antivirus signatures up to date.
    * Keep an eye out for a patch from Microsoft.
    * ...

If you do run into a sample we're interested in obtaining one (to add to
our collection ;-) )

--
Swa Frantzen -- Section 66
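
The filtering defense above notes that a PowerPoint file does not need the ".ppt" extension. As an added example (not part of the original diary entry), the Python code below identifies PowerPoint files by content: it checks the OLE2 magic and walks the compound-file directory for the "PowerPoint Document" stream. The function names, verdict strings and the sample built by build_sample are constructed for illustration.

```python
import struct  # added example; names and verdict strings are illustrative

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
END_OF_CHAIN = 0xFFFFFFFE  # FREESECT is 0xFFFFFFFF; both are >= this value

def ole2_entry_names(data):
    """Directory entry names of an OLE2 compound file, or None if not OLE2."""
    if len(data) < 512 or data[:8] != OLE2_MAGIC:
        return None
    shift, first_dir = struct.unpack_from("<H16xI", data, 30)  # offsets 30 and 48
    if shift not in (9, 12):                         # 512- or 4096-byte sectors
        return None
    size = 1 << shift
    def sector(n):                                   # sector 0 follows the header
        return data[(n + 1) * size:(n + 2) * size]
    fat = []                                         # fat[n] = sector after n
    for s in struct.unpack_from("<109I", data, 76):  # header DIFAT only
        if s < END_OF_CHAIN:
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(s).ljust(size, b"\xff")))
    names, seen, sec = [], set(), first_dir
    while sec < len(fat) and sec not in seen:        # stops on end marker or cycle
        seen.add(sec)
        raw = sector(sec).ljust(size, b"\0")         # tolerate truncated files
        for off in range(0, size, 128):              # 128-byte directory entries
            nlen, typ = struct.unpack_from("<HB", raw, off + 64)
            if typ and 2 <= nlen <= 64:
                names.append(raw[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sec = fat[sec]
    return names

def classify(filename, data):
    """Verdict from content; the name only decides the 'disguised' flag."""
    names = ole2_entry_names(data)
    if names is None:
        return "not-ole2"
    if "PowerPoint Document" in names:               # main stream of a .ppt file
        known = filename.lower().endswith((".ppt", ".pps", ".pot"))
        return "powerpoint" if known else "powerpoint-disguised"
    return "ole2-other"

def build_sample(stream):
    """Constructed test input: header, one FAT sector, one directory sector."""
    def entry(name, typ):
        n = name.encode("utf-16-le") + b"\0\0"
        return n.ljust(64, b"\0") + struct.pack("<HB", len(n), typ) + bytes(61)
    hdr = struct.pack("<8s16x5H6x10I", OLE2_MAGIC, 0x3E, 3, 0xFFFE, 9, 6,
                      0, 1, 1, 0, 4096, END_OF_CHAIN, 0, END_OF_CHAIN, 0, 0)
    fat = struct.pack("<2I", 0xFFFFFFFD, END_OF_CHAIN)
    directory = entry("Root Entry", 5) + entry(stream, 2)
    return hdr.ljust(512, b"\xff") + fat.ljust(512, b"\xff") + directory.ljust(512, b"\0")
```

A presentation packed inside an archive or embedded in another document is not seen by this check, so a gateway has to unpack containers before calling it.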

MSIE: One patched, one pops up again (setslice) (NEW)
Published: 2006-09-28,
Last Updated: 2006-09-28 02:08:55 UTC by Swa Frantzen (Version: 1)

If you remember the month of browser bugs series of exploits back in
July, there was a denial of service there that appears to have code
execution after all. Coincidence or not, it got publicly released after
the out of cycle Microsoft patch for MSIE.

So: No, surfing with MSIE is still not safe.

References

    * CVE-2006-3730
    * USCERT note 753044

Defenses

    * Use an alternate browser (yeah, we sound like a broken record).
      But diversity really helps make the bad guys' job harder.
    * Disable ActiveX (take care: windowsupdate needs it, so you need to
      trust those sites)
    * Set the killbit:
      {844F4806-E8A8-11d2-9652-00C04FC30871}
      [unconfirmed at this point it's the right killbit, so proceed with
      caution]
    * Keep antivirus signatures up to date.
    * Keep an eye out for a patch from Microsoft.
    * ...




 




Copyright © Lexa Software, 1996-2009.