Incidents on the Microsoft security front have slowed in the
past week or two, which gives us time to review many of the non-Microsoft
threats that have cropped up in the meantime. A potentially widespread Adobe
Systems vulnerability, a slew of Computer Associates threats, a flaw in poker
software, and more malware are taking advantage of the recent focus on Redmond.
I’ve spent the past couple of weeks covering the recent slew of
Microsoft vulnerabilities, but that doesn’t mean the rest of the security
scene has remained unaffected. This time, I’ll bring you up to date on some
threats due to holes in other vendors’ products, which can be just as dangerous
and perhaps even more widespread.
The first threat I want to cover deals with Adobe Systems’ Acrobat
and Reader—software that’s certainly on more computers than Windows or Internet
Explorer. Acrobat and Reader are not only on almost all Windows systems; they’re
also on many non-Microsoft systems.
A highly critical vulnerability has surfaced in a core
component of both Acrobat and Reader (CAN-2005-2470). The buffer overrun
threat affects Acrobat 5.x, 6.x, and 7.x as well as Reader 5.x, 6.x, and
7.x. This isn’t a Microsoft-specific threat—Mac OS, Linux, and Solaris
versions are also vulnerable. For more information, read the Secunia advisory.
I’ve been unable to determine whether this vulnerability also
affects OpenOffice. However, because the threat affects a core plug-in
component, I suspect OpenOffice could crash due to the same problem, which
would make this a significant cross-platform DoS threat.
The Acrobat boundary error threat can allow arbitrary code
execution. Just opening a specially crafted malicious document would be enough
to trigger execution. For information about patches or updates, check out the Adobe Security
The best of the rest
- The French Security Incident Response Team (FrSIRT) has reported a critical exploit
in various ViRobot antivirus programs, including ViRobot Expert 4.0, ViRobot
Linux Server 2.0, ViRobot Advanced Server, and HAURI LiveCall. A patch
is available for ViRobot Linux Server 2.0, and users should update other
programs to the latest versions.
- A number of critical, remotely executable vulnerabilities have surfaced in a
large group of Computer Associates products. These vulnerabilities affect
far too many products and versions to list here, so check out FrSIRT’s report
or visit Computer Associates’ Online Support Web site for more information.
- A critical, remotely executable vulnerability has emerged in Electronic Mail
for UNIX (ELM) versions prior to 2.5-PL8. For more details, see the FrSIRT
- If you
thought that hackers were mostly a U.S. and Eastern European phenomenon—or
that other countries are simply turning a blind eye to the threat—you
should know that Brazil isn’t a safe haven for hackers. According to a
report on the Australian IT Web site, Brazilian police made one
of the biggest crackdowns on electronic crime in the country last week, issuing arrest warrants for
more than 100 bank account hackers in the South American country.
Online fraud complaints in Brazil have reportedly surged more than 1,000
percent in the second quarter of 2005.
- According to a Secunia report,
Chris Moneymaker’s—yes, that’s his real name—World Poker Championship
software contains a critical buffer overflow vulnerability. While you may
think this is a silly item to include, interest in online poker games is surging—and
you can bet that some employees are playing it on the sly instead of
solitaire. For more information, see the original advisory.
- You knew we’d have to get back to Microsoft sooner or later. The software
giant is about to release a special
anti-phishing tool for Windows XP and Windows Server 2003 Internet Explorer
6, a tool also intended to be part of IE7. A pop-up warning that triggers
when you navigate to a suspicious site, the Microsoft Phishing Filter
add-in should soon be available in test form.
- Users of
MSN Messenger should be aware of new threats. Both the Tixanbot
Trojan and the Guapim
worm have surfaced recently.
- There has been a surge of slightly more dangerous malware recently,
including Zotob variants, Mytob variants, and Kelvir. While these are all
pretty low-grade worms and viruses—barely above the lowest danger and
distribution levels—they’re notable because this is a higher level of
incidents than we’ve seen for several months.
These vulnerabilities have the potential to be very
widespread. Of course, as I always say, any vulnerability is serious if it
affects your system and causes you to spend time removing it or recovering from
the attack. However, the largest threat in terms of possible vulnerable systems
(the Acrobat buffer overrun) is far more likely to cause Acrobat and possibly
the operating system to crash than it is to allow someone to actually penetrate
Personally, I’ve never had a crash occur at a good time, so I don’t really find this
particularly comforting. But I thought I should mention that it probably isn’t going
to turn into a major threat.
After all, even the users who open every e-mail attachment
or link would probably hesitate to take the time to load in an Acrobat file
from some stranger. Then again, people seem to rush to give out bank account
numbers and their social security numbers, so perhaps they will open random PDF
Here’s one tip to pass on to such users: If you’re concerned
about the contents and safety of an Acrobat file on the Web or just have
problems loading it, try Googling it and clicking the View As HTML option to determine
if it really is worth loading.
John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.