No IT Alerts at this time.
|
SANS Newsletter - @RISK: The Consensus Security Alert - Full
-
SANS 2009
More than 35 courses, SANS top instructors, all in one great place! SANS 2009 is being held in Orlando, FL on March 2-9. Register today! -
(1) CRITICAL: Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
Category: Widely Deployed Software
Affected:
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Vista x64 Edition , Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition and Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 7 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Description:
- A vulnerability has been identified in ipeers.dll, a library used by
- Microsoft Internet Explorer. By enticing the user to visit a specially
- crafted page, an attacker can execute arbitrary code with the
- permissions of the currently logged-in user. The vulnerability exists
- because it is possible for the vulnerable software to use a pointer
- reference after it is freed. Microsoft has reported targeted attacks
- attempting to exploit this vulnerability. Full technical details for
- this vulnerability via a public proof-of-concept.
-
(10) MODERATE: VLC Media Player Bookmark Handling Buffer Overflow Vulnerability
Category: Widely Deployed Software
Affected:
- VideoLAN VLC media player 1.0.5
- VideoLAN VLC media player 1.0.3
- VideoLAN VLC media player 1.0.2
- VideoLAN VLC media player 1.0.1
- VideoLAN VLC media player 1.0
-
(2) HIGH: Microsoft Office Excel Multiple Vulnerabilities (MS10-017)
Category: Widely Deployed Software
Affected:
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- 2007 Microsoft Office System Service Pack 1
- 2007 Microsoft Office System Service Pack 2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
- Microsoft Office Excel Viewer Service Pack 1 and Microsoft Office Excel Viewer Service Pack 2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
- Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)[2]
- Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)[2]
- Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)[2]
- Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)[2]
-
(3) HIGH: Microsoft Windows Movie Maker Buffer Overflow Vulnerability (MS10-016)
Category: Widely Deployed Software
Affected:
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Microsoft Producer 2003
- Movie Maker 2.1
- Movie Maker 2.6
- Movie Maker 6.0



