Not 24 hours after I posted about media player vulnerabilities, this one was released. This vulnerability was reported by the vendor (Microsoft) and, luckily, updates are already available. Hopefully nobody figures this out before the majority of people have updated.
http://www.securityfocus.com/bid/30550/info
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
September 16th, 2008
Media player exploits scare the crap out of me. The biggest reason that they scare me is because “end users don’t think before they click that link” (c) 2008 Web Insecurity. Now, when they normally get an e-mail, they would never click it if it was from their bank, but what happens if the link was from a co-worker of theirs? Perhaps a peer in the professional industry, perhaps an e-mail from their doctor’s office, a friend or favorite department store mailing list with the details of a huge competition. The video form of media is very attractive to end users. Videos always spread around the net and e-mail like wildfire, hence the name viral video. Now what happens when a media player vulnerability is not withheld like this new one: http://www.securityfocus.com/archive/1/496358? What happens when one of these gets added to Metasploit, or perhaps in combination with XSS / XSRF maliciously linked in social networking sites?
I don’t have the answer, but I really don’t want to find out.
September 15th, 2008
Problems with Apache’s mod_proxy in Mandriva have been resolved with updated packages: a DoS in the regular module and an XSS in the FTP module.
Mandriva Linux Security Advisory MDVSA-2008:195
http://www.securityfocus.com/archive/1/496352
Problem Description:
A vulnerability was discovered in the mod_proxy module in Apache where
it did not limit the number of forwarded interim responses, allowing
remote HTTP servers to cause a denial of service (memory consumption)
via a large number of interim responses (CVE-2008-2364).
A cross-site scripting vulnerability was found in the mod_proxy_ftp
module in Apache that allowed remote attackers to inject arbitrary
web script or HTML via wildcards in a pathname in an FTP URI
(CVE-2008-2939).
The updated packages have been patched to prevent these issues.
September 15th, 2008
Here is a roundup of the interesting SQL injections that were reported today. If you run any of these, make sure you update. If you don’t run any of these then you lucked out this time, but there is still time for more to be reported today. (more…)
September 15th, 2008
If you use phpMyAdmin you may not update as regularly as you should. It seems like every week they come out with an update. The thing about phpMyAdmin is they have updates because exploits are released, but when they update they add a bunch of features. These features, you may like or you may hate. Either way, you’re forced to update if you don’t want to be left exploited. Here is the “Fix list” for 2.11.9.1:
- bug #2031221 [auth] Links to version number on login screen
- bug #2032707 [core] PMA does not start if ini_set() is disabled
- bug #2004915 [bookmarks] Saved queries greater than 1000 chars not displayed
- bug #2037381 [export] Export type “replace” does not work
- bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
- bug #2045512 [export] Numbers in Excel export
+ [lang] Norwegian UTF-8 original file remerged
- bug #2074250 [parser] Undefined variable seen_from
- (2.11.9.1) [security] Code execution vulnerability
Now, I’ve removed the colors and formatting. They haven’t added any features in this one, it’s just a bug fix release. They put the [security] fix on the bottom, which to me is more important than any of the other “bugs”. The bugs are not in order, so I’m wondering why they put security at the bottom. Anyhow, a code execution vulnerability is not good, so update before you get owned.
September 15th, 2008
StingRay FTS Cross-Site Scripting Vulnerability
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064368.html
Secunia: http://secunia.com/Advisories/31645/
Product URL: http://www.porthale.co.uk/products/stingray/stingray.htm
As with a lot of XSS and web security advisories, it’s not uncommon to never have heard of the product. The StingRay FTS is a File Transfer Server. You may be asking why I’m writing about XSS exploits since they are so petty. The reason is, this exploit happens to be (more…)
September 15th, 2008
It seems like the last post on web-insecurity was a bit inaccurate. Andrew and I really were meaning to start this website back up again, but never found the time to do it. So, even 973 days later, web-insecurity.com is starting again. This time, I’m ready to roll and provide the latest in security news. Buckle your seat belts and subscribe to the RSS feed. It’s all downhill from here and it’s going to be a wild ride. Enjoy!
September 15th, 2008
It’s been almost two years since we’ve posted, but we’re finally back and look to bring high quality security related news just as we did almost two years ago.
It begins tomorrow.
January 7th, 2007
Last Thursday a bill was introduced before the US Senate that would hopefully give consumers more protection over their personal data.
July 25th, 2005
A Japanese nuclear worker accidentally leaked nuclear secrets when his PC became infected by a worm.
July 25th, 2005