Adobe warns of critical flaw in Flash player

Mar 20, 2006

* Patches from Gentoo, Fedora, Debian, others
* Beware worm that targets the .Net framework and can infect both regular desktops and Windows Mobile devices
* VeriSign warns of massive denial-of-service attacks, and other interesting reading

Today’s bug patches and security alerts:

Adobe warns of critical flaw in Flash player

A flaw in many versions of the popular Flash player could allow an attacker to run arbitrary code on the affected machine if a malicious SWF file is loaded. Users should upgrade to Version 8.022.0 to fix the problem.

Related US-CERT advisory


Symantec warns of DoS in Veritas Backup Exec

An internal review of code by Symantec turned up a potential denial of service vulnerability in multiple versions of its Veritas Backup Exec software. Updates are available.


New patches from Debian

kpdf (buffer overflow)

Drupal (multiple flaws)

wzdftpd (code execution)

Recent updates from Fedora:

kdelibs (multiple flaws)

xpdf (multiple flaws)

libungif (code execution)

gdk-pixbuf (multiple flaws)

kernel packages (multiple flaws)


New updates from Gentoo

Metamail (buffer overflow, code execution)

Crypt::CBC (weak encryption)

Heimdal (privilege escalation)

PEAR-Auth (authentication bypass)

zoo (buffer overflow, code execution)

Freeciv (denial of service)


Today’s roundup of virus alerts:

Troj/PWS-KI — This backdoor Trojan e-mails its author when it infects the machine and can communicate with outside hosts via HTTP. It is installed as “Server.exe” in the Startup directory. (Sophos)

W32/Xrove-A or CXOver.A — A worm that targets the .Net framework and can infect both regular desktops and Windows Mobile devices, spreading to any mobile device connected to an infected PC. It tries to delete files in the “My Documents” directory. (Sophos, Panda Software)

Troj/Bancban-OJ — Another Trojan that is used to steal local information – usually related to Internet banking sites – and can be used to download additional malicious code. It is installed as “taskmam.exe” in the Windows System folder. (Sophos)

Troj/ServU-CE — A hacked version of a commercially available FTP server. It runs the server on port 43958. (Sophos)

Banker.CHG — A Trojan that is manually spread to a machine. It targets specific Internet banking sites. When one of the target sites is hit, the browser is redirected to a similar-looking phishing site. (Panda Software)

W32/Tilebot-DX and EA — A backdoor Trojan that spreads through network shares with weak passwords and known Windows vulnerabilities. It allows access through IRC and installs the file “win32ssr.exe” in the Windows System folder. (Sophos)

Troj/Jubik-A — A Trojan that tries to download and install additional malicious code on the infected host. It is installed in the Windows System folder as “jb???.exe” (the ?s are random characters). (Sophos)

Troj/Steam-F — This Trojan steals passwords for the game Half Life 2. It is installed as “xy337.bat” in the Windows Temp folder. (Sophos)


From the interesting reading department:

VeriSign warns of massive denial-of-service attacks

A sudden increase in a particularly dangerous type of distributed denial-of-service (DDoS) attack could portend big trouble for companies, according to VeriSign. Computerworld, 03/16/06.

Microsoft goes public with Blue Hat hacker conference

Microsoft is going public with some of the hacking information discussed at its Blue Hat Security Briefings event. On Thursday, just days after the end of its third Blue Hat conference, the software vendor posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event. IDG News Service, 03/17/06.

Use numbers to fight cybercrime, PartnerWorld attendees are told

Statistics could prove a handy ally in helping companies large and small to ward off cyberattacks, according to one security expert. IDG News Service, 03/16/06.