Incidents on the Microsoft security front have slowed in the
past week or two, which gives us time to review many of the non-Microsoft
threats that have cropped up in the meantime. A potentially widespread Adobe
Systems vulnerability, a slew of Computer Associates threats, a flaw in poker
software, and more malware are taking advantage of the recent focus on Redmond.

Details

I’ve spent the past couple of weeks covering the recent slew of
Microsoft vulnerabilities, but that doesn’t mean the rest of the security
scene has remained unaffected. This time, I’ll bring you up to date on some
threats due to holes in other vendors’ products, which can be just as dangerous
and perhaps even more widespread.

Adobe Systems

The first threat I want to cover deals with Adobe Systems’ Acrobat
and Reader—software that’s certainly on more computers than Windows or Internet
Explorer. Acrobat and Reader are not only on almost all Windows systems; they’re
also on many non-Microsoft systems.

A highly critical vulnerability has surfaced in a core
component of both Acrobat and Reader (CAN-2005-2470). The buffer overrun threat
affects Acrobat 5.x, 6.x, and 7.x as well as Reader 5.x, 6.x, and
7.x. This isn’t a Microsoft-specific threat—Mac OS, Linux, and Solaris
versions are also vulnerable. For more information, read the Secunia advisory.

I’ve been unable to determine whether this vulnerability also
affects OpenOffice. However, because the threat affects a core plug-in
component, I suspect OpenOffice could crash due to the same problem, which
would make this a significant cross-platform DoS threat.

The Acrobat boundary error threat can allow arbitrary code
execution. Just opening a specially crafted malicious document would be enough
to trigger execution. For information about patches or updates, check out the
Adobe Security Advisory.

The best of the rest

  • The French Security Incident Response Team (FrSIRT) has reported a critical
    exploit in various ViRobot antivirus programs, including ViRobot Expert 4.0,
    ViRobot Linux Server 2.0, ViRobot Advanced Server, and HAURI LiveCall. A
    patch is available for ViRobot Linux Server 2.0, and users should update
    other programs to the latest versions.
  • A number of critical, remotely executable vulnerabilities have surfaced in a
    large group of Computer Associates products. These vulnerabilities affect
    far too many products and versions to list here, so check out FrSIRT’s
    report or visit Computer Associates’ Online Support Web site for more
    information.
  • A critical, remotely executable vulnerability has emerged in Electronic Mail
    for UNIX (ELM) versions prior to 2.5-PL8. For more details, see the FrSIRT
    report.
  • If you thought that hackers were mostly a U.S. and Eastern European
    phenomenon—or that other countries are simply turning a blind eye to the
    threat—you should know that Brazil isn’t a safe haven for hackers.
    According to a report on the Australian IT Web site, Brazilian police made
    one of the biggest crackdowns on electronic crime in the country last week,
    issuing arrest warrants for more than 100 bank account hackers in the South
    American country. Online fraud complaints in Brazil have reportedly surged
    more than 1,000 percent in the second quarter of 2005.
  • According to a Secunia report, Chris Moneymaker’s—yes, that’s his real
    name—World Poker Championship software contains a critical buffer overflow
    vulnerability. While you may think this is a silly item to include,
    interest in online poker games is surging—and you can bet that some
    employees are playing it on the sly instead of solitaire. For more
    information, see the original advisory.
  • And you knew we’d have to get back to Microsoft sooner or later. The
    software giant is about to release a special anti-phishing tool for Windows
    XP and Windows Server 2003 Internet Explorer 6, a tool also intended to be
    part of IE7. A pop-up warning that triggers when you navigate to a
    suspicious site, the Microsoft Phishing Filter add-in should soon be
    available in test form.
  • Users of MSN Messenger should be aware of new threats. Both the Tixanbot
    Trojan and the Guapim worm have surfaced recently.
  • Finally, there has been a surge of slightly more dangerous malware recently,
    including Zotob variants, Mytob variants, and Kelvir. While these are all
    pretty low-grade worms and viruses—barely above the lowest danger and
    distribution levels—they’re notable because this is a higher level of
    incidents than we’ve seen for several months.

Final word

These vulnerabilities have the potential to be very
widespread. Of course, as I always say, any vulnerability is serious if it
affects your system and causes you to spend time removing it or recovering from
the attack. However, the largest threat in terms of possible vulnerable systems
(the Acrobat buffer overrun) is far more likely to cause Acrobat and possibly
the operating system to crash than it is to allow someone to actually penetrate
your system.

Personally, I’ve never had a crash occur at a good time, so I don’t really find this
particularly comforting. But I thought I should mention that it probably isn’t going
to turn into a major threat.

After all, even the users who open every e-mail attachment
or link would probably hesitate to take the time to load in an Acrobat file
from some stranger. Then again, people seem to rush to give out bank account
numbers and their social security numbers, so perhaps they will open random PDF
files.

Here’s one tip to pass on to such users: If you’re concerned
about the contents and safety of an Acrobat file on the Web or just have
problems loading it, try Googling it and clicking the View As HTML option to determine
if it really is worth loading.

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.