Here's a collection of recent security vulnerabilities and alerts, which covers the availability of a hotfix and patch for vulnerabilities in Plone CMS and Xpdf respectively, and a remotely exploitable vulnerability in SSReader ActiveX control.
- Hotfix released for critical vulnerabilities in Plone CMS
Updates to fix two critical vulnerabilities in the Plone CMS have been released. Exploitation of this vulnerability allows an attacker to run arbitrary python code within the Zope/Plone process.
This hotfix applies to Plone 2.5 up to and including 2.5.4, and Plone 3.0 up to and including 3.0.2. These fixes will be included in the upcoming 2.5.5 and 3.0.3 releases, at which point this hotfix can be removed. Earlier plone releases (versions 2.1.x and below) are not affected.
- Patch released for vulnerabilities in Xpdf
Several vulnerabilities has been discovered in the open source Xpdf PDF viewer. A code injection attack can result from simply opening a specially crafted PDF document.
All the flaws are located in the Stream.cc source file. Firstly, memory can be corrupted by improper array indexing in the function DCTStream::readProgressiveDataUnit(). Secondly, an integer overflow in DCTStream::reset() can cause a buffer overflow on the heap. Thirdly, a flaw in CCITTFaxStream::lookChar() can also cause a heap-based buffer overflow.
The developers have already released a source code patch. You can download the patches here.
- Vulnerability in SSReader ActiveX Control
A vulnerability has been identified in SSReader, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the "pdg2.dll" ActiveX control when processing an overly long argument passed to the "Register()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
There is no official patch for this issue at the moment, though Secunia recommends setting the kill-bit for the affected ActiveX control.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.