Latest Alerts from SANS Institute

The following alert updates and recommendations are being passed on to users. These highlight PDFs, Kindle Touch, QuickTime, Java and WordPress plugins.

Title: Use of XML Templates To Embed Malware In PDFs Description: The Sourcefire VRT has received multiple reports of malicious PDFs being distributed in the wild that embed their malicious content inside an XML template within the PDF. After extensive testing across thousands of PDF files, both malicious and benign, the VRT has determined that the number of legitimate uses of this functionality in the field today is so low that detection of such documents generically is a useful way to detect new malware variants. As always, users are highly encouraged to keep their PDF parsing applications up-to-date at all times.

Title: Remote Root Exploit in Kindle Touch Description: The built-in browser for the Kindle Touch integrates support for the Netscape Plugin API, a modern cross-browser scripting language. Unfortunately, it is implemented in such a way that it allows injection of commands into the browser with root privileges. While the API is poorly documented, and few public details about exploitation currently exist in the wild, exploits will be trivial to write and should be presumed to exist at this point.

Title: Arbitrary Remote File Upload in WordPress Invit0r Plugin Description: The WordPress Invit0r plugin, which can be used to invite Yahoo contacts to visit your blog, has an arbitrary remote file include vulnerability. While it has been pulled from the official WordPress plugins site, multiple public exploits exist and are being actively used in the wild. While this particular plugin is not especially notable, it highlights the ongoing challenge of securing WordPress and other CMS systems, and the dangers created by such sites being exploited and used to host malware.

Title: Apple QuickTime Heap Based Buffer Overflow Vulnerability Vendor: Apple Description: Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file.

Title: Apple QuickTime TeXML Buffer Overflow Vulnerability Vendor: Apple Description: Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.

Title: Oracle Java SE Remote Code Execution Vulnerability / Blackhole Exploit Kit Vendor: Oracle Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

 


About SCB Enterprises
System Solutions and Integration
