Apple QuickTime Java Handling Unspecified Code Execution

Published: 2007-04-24. Last Updated: 2007-04-24 21:54:43 UTC
by Deborah Hale (Version: 1)
0 comment(s)
Secunia Advisory: SA25011


Secunia has posted an advisory today that involves Apple Quicktime Java. According to the advisory this is a highly critical problem that affects versions 3.x, 4.x, 5.x, 6.x and 7.x. The vulnerability is due to an unspecified error within the Java handling in QuickTime. This can be exploited allowing execution of arbitrary code when a user visits a malicious web site using a Java-enabled browser e.g. Safari or Firefox.

For more information see:

secunia.com/advisories/25011/
Keywords:
0 comment(s)

Microsoft Office Exploit

Published: 2007-04-24. Last Updated: 2007-04-24 16:18:55 UTC
by Deborah Hale (Version: 1)
0 comment(s)
On Monday in an article in USA Today the title reads “Cyberspies exploit Microsoft Office”. The article states that the CyberSpies have tainted Microsoft Office files and are emailing them to specific organizations in hopes that the unsuspecting employee will open the attachment, infect their computer thus opening a hole which the attacker can then use to explore in the infected network and look for trade secrets, military secrets, passwords, etc. MessageLabs in an interview with USA Today said that it has intercepted assaults coming from Taiwan and China since November 2006. It appears that the targets are Federal Agencies, Defense and Nuclear contractors.

In a quote from the article, our own Alan Paller at Sans Institute says:

“Assaults are coming from China and perhaps other countries in the hunt for military, trade and infrastructure intelligence, says Alan Paller, research director at The SANS Institute, a security think tank. The goal: strategic advantage over the USA. "The attacks are working," says Paller. "Penetrations are deep and broad."

For more information and to read the article:

www.usatoday.com/tech/news/computersecurity/2007-04-22-cyberspies-microsoft-office_N.htm
Keywords:
0 comment(s)

Comments


Diary Archives