
Microsoft Patches Fix Image Vulnerabilities



David Utter
Staff Writer
2008-08-13



Critical fixes arrived for Microsoft applications in the August edition of their Patch Tuesday round of updates, including corrections for overflow vulnerabilities in image file formats in Microsoft Office.


Specially crafted files in one of several image formats could have posed remote code execution threats in Microsoft Office, the company said in one of its bulletins for August. Office 2000 was rated Critical for this vulnerability; the later Office XP and 2003 versions listed the problem only as Important.

"The security update addresses the vulnerabilities by modifying the way that Microsoft Office parses the length of a file before passing the file to the allocated buffer," Microsoft said of the patch, which they recommend for immediate application.
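As an added illustration (not code from Microsoft or from the original article), the sketch below shows the general class of fix the bulletin describes: a parser validates a file's declared length against the bytes actually present and the destination buffer size before copying. The record layout, function names and sample bytes are constructed for this example and do not represent any real Office image format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (not a real Office image format):
 * bytes 0-3 magic "IMG0", bytes 4-7 declared payload length
 * (little-endian), bytes 8.. payload. */
enum { HDR_LEN = 8 };
typedef enum { PARSE_OK, ERR_SHORT_HEADER, ERR_BAD_MAGIC,
               ERR_TRUNCATED, ERR_TOO_LARGE } parse_status;

/* Copy the payload into dst only after the declared length has been checked
 * against both the bytes actually present and the destination capacity. */
parse_status copy_payload(const uint8_t *file, size_t file_len,
                          uint8_t *dst, size_t dst_cap, size_t *out_len) {
    *out_len = 0;
    if (file_len < HDR_LEN) return ERR_SHORT_HEADER;
    if (memcmp(file, "IMG0", 4) != 0) return ERR_BAD_MAGIC;
    size_t declared = (size_t)file[4] | ((size_t)file[5] << 8) |
                      ((size_t)file[6] << 16) | ((size_t)file[7] << 24);
    /* file_len >= HDR_LEN was checked, so this subtraction cannot wrap. */
    if (declared > file_len - HDR_LEN) return ERR_TRUNCATED;
    if (declared > dst_cap) return ERR_TOO_LARGE;
    memcpy(dst, file + HDR_LEN, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample files. */
static const uint8_t SAMPLE_OK[]   = {'I','M','G','0', 4,0,0,0, 1,2,3,4};
static const uint8_t SAMPLE_LIES[] = {'I','M','G','0', 0xFF,0xFF,0,0, 1,2,3,4};
static const uint8_t SAMPLE_BIG[]  = {'I','M','G','0', 12,0,0,0,
                                      0,1,2,3,4,5,6,7,8,9,10,11};

/* Parse one file against a fixed 8-byte destination buffer. */
parse_status try_sample(const uint8_t *file, size_t file_len) {
    uint8_t dst[8];
    size_t n;
    return copy_payload(file, file_len, dst, sizeof dst, &n);
}

int main(void) {
    printf("ok=%d lies=%d big=%d\n",
           try_sample(SAMPLE_OK, sizeof SAMPLE_OK),
           try_sample(SAMPLE_LIES, sizeof SAMPLE_LIES),
           try_sample(SAMPLE_BIG, sizeof SAMPLE_BIG));
    return 0;
}
```

The second sample declares more payload than the file contains and the third declares more than the buffer holds; both are rejected before any copy takes place.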

Internet Explorer versions 5.01, 6 and 7 picked up fixes for five problems reported privately to the company. The update also closed a publicly disclosed flaw, one of the HTML objects memory corruption vulnerabilities Microsoft fixed in this round.

A problem with the Microsoft Access report snapshot viewer received public attention in July, but no fix until this month. Someone visiting a webpage crafted to exploit the vulnerable ActiveX control involved could see arbitrary code execute on the system, with the local user's rights.

Be wary of eMule: We heard from someone who said the hacker called shad0w managed to find an opening in eMule's poetry archive. A link provided by the individual gave us access to the /etc/passwd file; we also received a reputedly working database login for eMule.

Such a compromise should be a warning to eMule's users. If this hole in their web application exists, others may as well. Keep your security packages up to date to help mitigate potential problems.

A final note, to sysadmins everywhere: there's no reason to have a gopher user in your systems these days. 1991 called, it wants its tree-based text navigation protocol back.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
