There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.
Monthly Archives: August 2015
Microsoft Office 2007 OGL.dll DpOutputSpanStretch:OutputSpan Out Of Bounds Write
A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.
Apple Releases Security Update for QuickTime
Original release date: August 20, 2015
Apple has released a security update to address multiple vulnerabilities in QuickTime for Windows 7 and Windows Vista. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.
Users and administrators are encouraged to review the Apple security update page for QuickTime 7.7.8 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Vuln: OpenSSL CVE-2015-1793 Certificate Verification Security Bypass Vulnerability
OpenSSL CVE-2015-1793 Certificate Verification Security Bypass Vulnerability
Ashley Madison hack – the importance of securing your personal data
I have just read the informative blog written by my colleague Michael McKinnon, detailing the extent of the data breach that AshleyMadison.com suffered earlier this month.
As with all data breaches, the first thing people ask themselves is, “does it affect me and what precautions can I take?” When a large amount of data is stolen that includes personal details such as credit card numbers and date of birth, you can take measures now to minimize the risk of your data being misused in the future.
What can we do to protect ourselves after a data breach?
- Ensure your online accounts are not using the email address and a password that could be guessed from personal information, if you are then change the password.
- Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
- Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
- Avoid using the same email address or profile name across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
- Set privacy settings. Lock down access to your personal data on social media sites, these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
- Check electronic statements and correspondence. Receipts for transactions that you don’t recognize could show up in your mail.
- Use strong passwords and two-factor authentication: See my previous blog post on how to create complex passwords that are easy to remember.
- Have updated security software. Updated antivirus software will block access to many phishing sites that ask for your personal data.
Lastly, you may want to consider enlisting an identity monitoring service. Commercial companies that have been breached often offer this reactively to the victims but understanding where or if your identity is being abused in real-time will give you the ability to manage issues as they happen.
Follow me on Twitter @TonyatAVG
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
CVE-2015-6528
Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter.
CVE-2015-6529
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
CVE-2015-6530
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
Facebook Updates Information-Sharing Platform
Facebook announced that its ThreatExchange information-sharing platform is closing in on 100 participants and has streamlined its application process.