SANS ISC: InfoSec Handlers Diary Blog

Six ActiveX Vulnerabilities This Week

Published: 2008-02-04
Last Updated: 2008-02-05 19:52:38 UTC
by Mari Nichols (Version: 3)

Symantec is reporting that a total of six buffer-overflow vulnerabilities affecting a number of widely distributed ActiveX controls have been disclosed in the past week. We are unaware of any public exploitation of these vulnerabilities. However, the Symantec DeepSight team has confirmed that these issues can be used to execute code or crash the vulnerable applications.

Admins are advised to set the kill bit for the following CLSIDs as soon as possible:

Aurigma: CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx')

Aurigma: CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5')

Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0

Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139

Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C.

UPDATE: The early reporting on this issue listed an incorrect CLSID for the Yahoo! DataGrid.  This has been corrected above.  Most other reports list an additional "2" at the end of the CLSID.
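One way to carry out the kill-bit advice above on Windows, as an added example that is not part of the original diary: the script reports, and with `-Apply` sets, the kill bit (the 0x400 bit of the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` key) for the five CLSIDs listed. The `-Apply` switch name and the output field names are this example's own choices.

```powershell
# Added example (not from the diary): audit or set the IE kill bit for the CLSIDs listed above.
# Run from an elevated prompt. -Apply is this example's own switch; without it nothing is written.
param([switch]$Apply)

$KillBit   = 0x400                      # kill-bit flag inside the "Compatibility Flags" DWORD
$ValueName = 'Compatibility Flags'
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'  # 32-bit IE on 64-bit Windows
)
$Controls = [ordered]@{
    'Aurigma ImageUploader4.ocx' = '6E5E167B-1566-4316-B27F-0DDAB3484CF7'
    'Aurigma ImageUploader5'     = 'BA162249-F2C5-4851-8ADC-FC58CB424243'
    'Facebook'                   = '5C6698D9-7BE4-4122-8EC5-291D84DBD4A0'
    'Yahoo! MediaGrid'           = '22FD7C0A-850C-4A53-9821-0B0915C96139'
    'Yahoo! DataGrid'            = '5F810AFC-BB5F-4416-BE63-E01DD117BD6C'
}

foreach ($root in $Roots) {
    # Skip the Wow6432Node view on 32-bit systems where it does not exist.
    if (-not (Test-Path (Split-Path $root -Parent))) { continue }
    foreach ($name in $Controls.Keys) {
        $key = Join-Path $root ('{' + $Controls[$name] + '}')
        $current = 0
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
            if ($prop) { $current = [int]$prop.$ValueName }
        }
        $isSet = ($current -band $KillBit) -ne 0
        if ($Apply -and -not $isSet) {
            # OR the bit in so any other compatibility flags already present are preserved.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                -Value ($current -bor $KillBit) -Force | Out-Null
            $isSet = $true
        }
        [pscustomobject]@{ Control = $name; Key = $key; KillBitSet = $isSet }
    }
}
```

Running it without `-Apply` first gives a per-host audit of which controls are still instantiable in Internet Explorer; the same rows after `-Apply` should all show `KillBitSet` as true.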

Security Awareness updates should be issued warning of ActiveX controls and safe browsing.

Read the original article for more information.

Fair Winds, Mari Nichols


UPDATE:  Exceptions

"...Note that the MySpace ImageUploader library has not been reported to be affected by these new vulnerabilities*... Set the kill bit for the following CLSIDs as soon as possible... Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0 **..."

* Exception:

** Exception:



And yet another cable break in the mid east

Published: 2008-02-04
Last Updated: 2008-02-04 02:18:18 UTC
by Swa Frantzen (Version: 2)

On NANOG there are reports of yet another submarine cable in the Middle East that was damaged Sunday. It's a cable between Haloul, Qatar and Das, United Arab Emirates.

Also interesting is that Egypt claims no ships were near two of the previous cable cuts.

Now even in the face of this many concurrent submarine cable losses, most will still have (reduced) service, so it's not a reason to panic just yet. See, among others, the Renesys blog for reasons not to jump to conclusions too fast.

Still, designing for a quadruple failure is neither the most trivial nor the most economical solution in all cases, especially not when dealing with expensive submarine links.

Submarine cables are essential for Internet traffic as they are low latency. Geostationary satellites, due to the distance they must be at, induce significant additional delay on the packets, causing trouble for interactive work over those links.

It's a good reminder for those of us who "only" account for double failures when designing systems and networks.

A good question to ask yourself for business-critical applications: what if we had a quadruple failure?
It's a good mental exercise for verifying and potentially enhancing your Business Continuity Plan (BCP) and your Disaster Recovery Plan (DRP). Still, keep in mind that designing for this level of failure with unused capacity (redundancy) will have significant costs associated with it.

Swa Frantzen -- Gorilla Security
