>
> *****************************
> Widely-Deployed Software
> *****************************
>
> (1) HIGH: Adobe Acrobat Reader Browser Plugin Multiple Vulnerabilities
> Affected:
> Adobe Acrobat Browser Plugin version 7 and prior
>
> Description: The Adobe Acrobat Reader Browser Plugin, used to read
> Portable Document Format (PDF) documents inside web browsers, contains
> multiple vulnerabilities in the parsing of URLs pointing to PDF files.
> An attacker could exploit these vulnerabilities by including
> specially-crafted "open parameters" in a URL pointing to any PDF
> document.
>
> "Open parameters" are used to pass additional parameters to the Adobe
> reader, and are placed in the "fragment" portion of the link (the
> portion of the link specified after the '#' sign).
> (1) By passing a "javascript" URL to various open parameters, an
> attacker could execute arbitrary javascript in the context of the web
> site hosting the PDF. Hence, this flaw can be exploited to steal cookies
> and user credentials for any web site that is hosting a PDF file. The
> flaw is believed to affect only Mozilla browsers.
> (2) By passing a URL to the various open parameters, an attacker can
> cause a web browser to send a request to any arbitrary web-accessible
> resource. This vulnerability affects most web browsers, including
> Mozilla browsers and Microsoft Internet Explorer. For example, an
> attacker could send a request to "example.net" by having a user click
> on the link "http://example.com/evil.pdf#http://example.net/".
> (3) A memory corruption vulnerability can be triggered by calling
> "document.write" via javascript with special parameters. This
> vulnerability affects Mozilla browsers, and is believed to be
> exploitable for remote code execution (not confirmed).
>
> Status: Adobe has confirmed, updates available.
>
> Council Site Actions: Two of the reporting council sites are using the
> affected software. They both plan to deploy the patch during their next
> regularly scheduled maintenance cycle.
>
> References:
> Wisec Security Advisory
> http://www.wisec.it/vulns.php?page=9
> Slashdot Discussion
> http://it.slashdot.org/article.pl?sid=07/01/03/2050206
> Posting by pdp
> http://www.webappsec.org/lists/websecurity/archive/2007-01/msg00005.html
> GNUCITIZEN Blog Posting
> http://www.gnucitizen.org/blog/danger-danger-danger/
> Adobe Documentation on Open Parameters
> http://partners.adobe.com/public/developer/en/acrobat/PDFOpenParameters.pdf
> Subverting Ajax
> http://www.wisec.it/Download/Projects/1158-Subverting_Ajax.pdf
> Wikipedia Article on URI Schemes (includes information on URI syntax)
> http://en.wikipedia.org/wiki/URI_scheme
> Adobe Home Page
> http://www.adobe.com
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/21858
> http://www.securityfocus.com/bid/21910
>
> **************************************************************
>
> (5) MODERATE: OpenOffice.org/StarOffice Multiple WMF Parsing
> Vulnerabilities
> Affected:
> OpenOffice.org versions prior to 2.1.0
> StarOffice versions 6, 7, and 8
>
> Description: OpenOffice.org (a popular open source office suite) and
> StarOffice (a commercial office suite based on the same code base)
> contain multiple vulnerabilities in the parsing of Windows Media Player
> (WMF) files. A specially-crafted Windows Media file could exploit these
> vulnerabilities and execute arbitrary code with the privileges of the
> current user. Note that, by default, Windows Media files are not opened
> by these applications. Some technical details for these
> vulnerabilities are available, and because OpenOffice.org is open
> source, further details can be gained through source code analysis.
>
> Status: OpenOffice.org and StarOffice confirmed, updates available.
>
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
>
> References:
> Posting by NGSSoftware
> http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.html
> Posting by David Litchfield
> http://archives.neohapsis.com/archives/bugtraq/2007-01/0125.html
> Posting by Juha-Matti Laurio
> http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0077.html
> Red Hat Security Advisory
> https://rhn.redhat.com/errata/RHSA-2007-0001.html
> SecuriTeam Blog Posting
> http://blogs.securiteam.com/?p=785
> SecurityFocus BID
> http://www.securityfocus.com/bid/21861
>
>
> ______________________________________________________________________
>
> 07.2.9 CVE: CVE-2006-5749
> Platform: Linux
> Title: Linux Kernel Unspecified Remote Vulnerability
> Description: The Linux kernel is prone to an unspecified vulnerability
> that affects the "isdn_ppp_ccp_reset_alloc_state()" function of
> "drivers/isdn/i4l/isdn_ppp.c". Linux kernel versions prior to 2.4.34
> are vulnerable to this issue.
> Ref: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34
> ______________________________________________________________________
> ______________________________________________________________________
>
> 07.2.12 CVE: CVE-2007-0015
> Platform: Cross Platform
> Title: QuickTime RTSP URI Remote Buffer Overflow
> Description: Apple QuickTime is prone to a remote buffer overflow issue.
> When URIs with the "RTSP" scheme containing specifically-formatted data
> are loaded, a memory buffer may be overrun with attacker-supplied data.
> Apple QuickTime versions 7.2.3 and earlier are vulnerable.
> Ref: http://projects.info-pull.com/moab/MOAB-01-01-2007.html
> ______________________________________________________________________
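
Added example, not part of the quoted newsletter: a defender-side link audit for the Adobe item (1) above, flagging links to PDF files whose fragment carries a URL where an open parameter value is expected. The function names, the parameter name `x` and the sample HTML are constructed for illustration; splitting parameters on `&` and `#` follows Adobe's Open Parameters document.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# A value that begins with "scheme:" is a URL, not a page number or zoom level.
SCHEME_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]*):", re.IGNORECASE)

def audit_pdf_link(url):
    """Return [(parameter, decoded_value, finding)] for one link to a PDF."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".pdf"):
        return []
    findings = []
    for token in re.split(r"[&#]", parts.fragment):
        if not token:
            continue
        name, sep, value = token.partition("=")
        # A bare URL in the fragment (the newsletter's own example) has no name.
        if not sep or SCHEME_RE.match(unquote(name)):
            name, value = "", token
        value = unquote(value)  # percent-encoding must not hide the scheme
        match = SCHEME_RE.match(value)
        if match:
            scheme = match.group(1).lower()
            kind = "script-url" if scheme == "javascript" else "external-url"
            findings.append((name, value, kind))
    return findings

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src", "data") and v]

def audit_html(html):
    """Map each suspicious PDF link found in an HTML document to its findings."""
    collector = _LinkCollector()
    collector.feed(html)
    report = {}
    for link in collector.links:
        findings = audit_pdf_link(link)
        if findings:
            report[link] = findings
    return report

# Constructed sample page: one normal link, two that should be flagged.
SAMPLE_HTML = """
<a href="http://example.com/manual.pdf#page=3&amp;zoom=100">manual</a>
<a href="http://example.com/evil.pdf#http://example.net/">report</a>
<a href="http://example.com/doc.pdf#x=%6Aavascript:void(0)">doc</a>
"""
```

Browsers do not send the fragment to the server, so this check belongs on content that carries links (pages, mail bodies, proxy-inspected HTML) rather than on web server access logs.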