OpenOffice 3.1.1 was actually released last week... however, I am mentioning it today, by virtue of the following advisory, which has been copied/pasted from http://secunia.com/advisories/35036/ :
Description: Secunia Research has discovered two [highly critical] vulnerabilities in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
1) An integer underflow error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document.
2) A boundary error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 3.1.0. Prior versions may also be affected.
Opera 10 is now available: "showcases a sleek new design coupled with our new Turbo technology, which keeps Web pages loading lightning fast, even if your connection slows down".
Description: Some [moderately critical] vulnerabilities and security issues have been reported in Opera [9.x], which can be exploited by malicious people to conduct spoofing attacks.
1) An error in the handling of intermediate certificates can result in a revoked certificate being shown as secure.
2) An error related to the collapsed address bar can result in the previous domain being shown in the address bar instead of the domain of the present site.
3) An error in the handling of certain unicode characters in the address bar can be exploited to conduct limited spoofing attacks via International Domain Names (IDN).
4) An error in the handling of certificates, which use a wild card immediately before the top level domain, or nulls in the domain name can be exploited to bypass validation checks and incorrectly present a certificate as secure.
ky331
3 Apprentice
•
15.6K Posts
0
September 1st, 2009 07:00
OpenOffice 3.1.1 was actually released last week... however, I am mentioning it today, by virtue of the following advisory, which has been copied/pasted from http://secunia.com/advisories/35036/ :
Description:
Secunia Research has discovered two [highly critical] vulnerabilities in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
1) An integer underflow error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document.
2) A boundary error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 3.1.0. Prior versions may also be affected.
Solution:
Update to version 3.1.1.
------------------
For those not familiar with it, OpenOffice is a legally-free "clone" of Microsoft Office: its Writer is a clone a WORD; its CALC is a clone of EXCEL. For more information, see http://www.calendarofupdates.com/updates/index.php?act=calendar&cal_id=1&code=showevent&event_id=59955
Be advised this is a HUGE download --- over 136 MEG (and that's without including JAVA)!!
ky331
3 Apprentice
•
15.6K Posts
0
September 1st, 2009 07:00
Opera 10 is now available: "showcases a sleek new design coupled with our new Turbo technology, which keeps Web pages loading lightning fast, even if your connection slows down".
Change Log: http://www.opera.com/docs/changelogs/windows/1000/
Download: http://www.opera.com/download/
-----
Pertaining to this Opera update, the following additional information has been copied/pasted from http://secunia.com/advisories/36414/ :
Description:
Some [moderately critical] vulnerabilities and security issues have been reported in Opera [9.x], which can be exploited by malicious people to conduct spoofing attacks.
1) An error in the handling of intermediate certificates can result in a revoked certificate being shown as secure.
2) An error related to the collapsed address bar can result in the previous domain being shown in the address bar instead of the domain of the present site.
3) An error in the handling of certain unicode characters in the address bar can be exploited to conduct limited spoofing attacks via International Domain Names (IDN).
4) An error in the handling of certificates, which use a wild card immediately before the top level domain, or nulls in the domain name can be exploited to bypass validation checks and incorrectly present a certificate as secure.
Solution:
Upgrade to version 10.0.
joe53
2 Intern
•
5.8K Posts
0
September 1st, 2009 13:00
Opera 10 has some nice features, and is fast. If WOT worked with it, I'd consider making it my default browser.
Odd that Secunia's PSI recognizes it as a patched product, yet does not list it under its Secure Browsing tab (yet).
joe53
2 Intern
•
5.8K Posts
0
September 1st, 2009 14:00
IP Blocklist For OA and OP Firewalls Update
Total Blocked IPs: 12,235 blocking over 30,500 bad domain and IP
http://www.calendarofupdates.com/updates/index.php?act=calendar&code=showevent&calendar_id=1&event_id=60110