Chosen month 03 / 2007
|
|
|
Microsoft points out possible attacks against Microsoft Windows (including Vista)
exploiting a vulnerability in the way Windows handles animated cursor (.ani) files.
This might lead to the execution of arbitrary code when a user visits a web site or views a
specially crafted E-Mail.
A patch will be available at the next patchday.
Until then, only trusted sites should be visited and E-Mail should be viewed in plain text format only.
|
|
|
A vulnerability has been reported in mod_perl, which potentially can be exploited by malicious
people to cause a DoS (Denial-of-Service) by sending requests with specially crafted URLs to a vulnerable server.
For some systems, a patch is available.
|
|
|
The Sametime product is a real-time online conferencing solution.
Remote exploitation of an input validation vulnerability in Sametime allows attackers to execute arbitrary
code in the context of the user viewing a malicious web page.
The problem specifically exists in the STJNILoader.ocx component.
This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly
sanitize input.
The IBM Lotus Sametime team has addressed this issue by removing the affected ActiveX control from the current version of their product.
Additionally they have provided hotfixes for older versions.
|
|
|
Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers
to execute arbitrary script code in a targeted user's browser.
The vulnerability specifically exists due to improper HTML filtering of E-Mail message contents.
Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the
filters and successfully execute JavaScript.
IBM Lotus has addressed this vulnerability in the 6.5.6 and 7.0.2 FP1 releases of Web Access.
Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1
may allow a remote attacker to cause Denial-of-Service or execute arbitrary code.
When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server,
a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger
than 65535 bytes. When a string longer than this value is encountered,
the service allocates memory using only the lower 16 bits of the string length.
Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs.
IBM Lotus has addressed this vulnerability in the 6.5.6 and 7.0.2 FP1 releases of Domino.
|
|
|
Several vulnerabilities were found in openoffice.org.
An attacker could create a carefully crafted Word Perfect file that could
cause OpenOffice to crash or possibly execute arbitrary code if the file
was opened by a victim.
A stack overflow was discovered in the StarCalc parser.
Flaws were discovered in the way OpenOffice.org handled hyperlinks.
Fixed packages are available now.
|
|
|
Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS)
contain multiple vulnerabilities which may result in the failure of CUCM or
CUPS functionality, resulting in a Denial of Service (DoS) condition.
Cisco has made free software available to address these vulnerabilities for
affected customers.
|
|
|
Due to insufficient length checking in iso(4) it is possible for a local
user to cause an overflow, resulting in a local denial of service or
local root compromise.
Fixed packages are available now.
|
|
|
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially
crafted shared memo containing format specifiers.
Fixed packages are available now.
|
|
|
A number of problems were discovered with the nas (Network Audio System)
daemon that could be used to crash nasd.
Fixed packages are available now.
|
|
|
SGI has released the Security Update #72 for SGI Advanced Linux Environment 3.
These updates fix already known security related problems in
gnupg, seamonkey, and wireshark.
So it's recommended to install this update.
|
|
|
Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s
IDA Pro Remote Debugger Server allows attackers to execute arbitrary code
under the context of the user who is running the remote debugger server.
Fixed software is available now.
|
|
|
Sun Java System Directory Server is an LDAP server distributed by Sun with
multiple products.
Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s
Java System Directory Server 5.2 may cause a denial of service (DoS)
condition.
Fixed software is not available yet.
|
|
|
An integer underflow in the file_printf() function in 'file' allows
user-assisted attackers to execute arbitrary code via a file that triggers a
heap-based buffer overflow.
Fixed software is available now.
|
|
|
InterActual Player provides multiple ActiveX controls that are vulnerable to
buffer overflows. This can allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system.
A patch is not available yet.
|
|
|
Several vulnerabilities were found in CA BrightStor ARCserve Backup that
can allow a remote attacker to cause a denial of service or possibly
execute arbitrary code.
A patch is available now.
|
|
|
Due to an internal error Squid-2.6 is vulnerable to a denial of service
attack when processing the TRACE request method. This problem allows
any client trusted to use the service to perform a denial of service
attack on the Squid service.
Format string vulnerability in Inkscape allows user-assisted remote
attackers to execute arbitrary code via format string specifiers in
a URI, which is not properly handled by certain dialogs.
Fixed packages are available now.
|
|
|
An off-by-one buffer overflow was discovered in tcpdump, a powerful tool
for network monitoring and data acquisition, which allows denial of service.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in openoffice.org.
Several overflow bugs were found in libwpd which is used by OpenOffice.
An attacker could create a carefully crafted Word Perfect file that could
cause OpenOffice to crash or possibly execute arbitrary code if the file
was opened by a victim.
A stack overflow was discovered in the StarCalc parser.
Flaws were discovered in the way OpenOffice.org handled hyperlinks.
Fixed packages are available now.
|
|
|
Cisco IP Phone 7940/7960 SIP firmware version 7.4(0) is vulnerable to a
denial of service attack by a malicious SIP INVITE.
Firmware version 8.6(0) is not vulnerable to this issue.
|
|
|
A vulnerability was found in KHTML, a component of the 'kdelibs' package.
It allows remote attackers to conduct cross-site scripting (XSS) attacks.
Multiple vulnerabilities (buffer overflows, buffer underflow, format string)
exist in php.
These vulnerabilities may allow remote attackers to execute arbitrary
code via crafted data.
Fixed packages are available now.
|
|
|
A number of problems were discovered with the nas (Network Audio System)
daemon that could be used to crash nasd.
Fixed packages are available now.
|
|
|
By default, OpenAFS supports setuid programs within the local cell,
which could allow attackers to obtain privileges.
Fixed software is available now.
|
|
|
A format string vulnerability exists in iPhoto.
Subscribing to a maliciously-crafted photocast may lead
to arbitrary code execution.
An update is available now.
|
|
|
Several vulnerabilities were discovered in the Linux 2.6 kernel.
Fixed kernel packages are available now.
|
|
|
It was discovered that Lookup, a search interface to electronic dictionaries
on emacsen, creates a temporary file in an insecure fashion when the
ndeb-binary feature is used, which allows a local attacker to craft a symlink
attack to overwrite arbitrary files.
Fixed packages are available now.
|
|
System: Various
Topic: Vulnerabilities in libwpd and OpenOffice.org
Links: iDefense, CVE-2007-0002, CVE-2007-1466, DSA-1268, ESB-2007.0179, R-184, DSA-1270, ESB-2007.0188, MDKSA-2007:063, MDKSA-2007:064, RHSA-2007-0055, ESB-2007.0185, SUSE-SA:2007:023
ID: ae-200703-029
Several overflow bugs were found in libwpd. An attacker
could create a carefully crafted Word Perfect file that could cause
an application linked with libwpd, such as OpenOffice, to crash or
possibly execute arbitrary code if the file was opened by a victim.
A patch is available now.
|
|
|
A security vulnerability in the Sun Java System Web Server may allow a local
or remote user to gain unauthorized access to certain web server instances.
A patch is available now.
|
|
|
It was discovered that WebCalendar, a PHP-based calendar application,
insufficiently protects an internal variable, which allows remote file
inclusion.
Fixed packages are available now.
|
|
|
Remote exploitation of a divide by zero error in Trend Micro AntiVirus may
allow attackers to cause a denial of service.
The vulnerability exists in the kernel driver, VsapiNT.sys.
A patch is available now.
|
|
|
Several security issues in
ColorSync, CoreGraphics, Crash Reporter, CUPS, Disk Images, DS Plug-Ins,
Flash Player, GNU Tar, HFS, HID Family, ImageIO, Kernel, MySQL Server,
Networking, OpenSSH, Printing, QuickDraw Manager, servermgrd, SMB File Server,
Software Update, sudo, and WebLog
are fixed and bundled in the
Security Update 2007-003, which is available now.
|
|
|
A vulnerability in the ICMP6 handling of the OpenBSD Kernel may allow remote
compromise.
A patch is available now.
|
|
System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in Red Hat Enterprise Linux 5
Links: RHSA-2007-0057, RHSA-2007-0061, RHSA-2007-0066, RHSA-2007-0068, RHSA-2007-0075, RHSA-2007-0082, RHSA-2007-0087, RHSA-2007-0097, RHSA-2007-0099, RHSA-2007-0107, RHSA-2007-0108, RHSA-2007-0114
ID: ae-200703-023
Several vulnerabilities were found in the newly released Red Hat Enterprise
Linux 5.
Fixed packages are available now.
|
|
|
Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11,
http, and tcp protocol dissectors. It was possible for Wireshark to crash
or stop responding if it read a malformed packet off the network.
Fixed packages are available now.
|
|
|
A security vulnerability in the JMX RMI-IIOP API may allow a local
user who is able to create a JMX RMI-IIOP server application to gain
unauthorized access to certain local data if a remote user who has
privileges to access that data connects to that server application.
Fixed software is available now.
|
|
|
The Sun Java Runtime Environment (JRE) and Java Developer Kit (JDK)
contain multiple vulnerabilities that can allow a remote,
unauthenticated user to execute arbitrary code on a vulnerable system.
HP has made an updated package available.
|
|
|
A security vulnerability in the ipmitool(1m) utility may allow an unprivileged
user to gain unauthorized administrative privileges and then be able to reset
or power off a local or remote SunFire X2100M2 or SunFire X2200M2 server.
Fixed firmware is available now.
|
|
System: NetBSD
Topic: Vulnerabilities in kernel, xserver, and BIND
Links: NetBSD-SA2007-001, CVE-2007-1273, ESB-2007.0152, NetBSD-SA2007-002, CVE-2006-6101, CVE-2006-6102, CVE-2006-6103, ESB-2007.0153, NetBSD-SA2007-003, CVE-2007-0493, CVE-2007-0494, ESB-2007.0154
ID: ae-200703-018
Due to insufficient length checking in ktruser() as used by FreeBSD and
Darwin compatibility code, it is possible for a user to cause an integer
overflow, resulting in a local denial of service and potentially
local root compromise.
Fixed packages are available now.
|
|
System: Mandriva Linux
Topic: Vulnerabilities in kdelibs, mplayer, xine-lib, tcpdump, and ekiga
Links: MDKSA-2007:054, CVE-2007-1308, MDKSA-2007:055, MDKSA-2007:057, MDKSA-2007:061, MDKSA-2007:062, CVE-2007-1246, CVE-2007-1387, MDKSA-2007:056, CVE-2007-1218, MDKSA-2007:058, CVE-2007-0999
ID: ae-200703-017
Several security vulnerabilities were found in kdelibs, mplayer, xine-lib,
tcpdump, and ekiga.
Fixed packages are available now.
|
|
|
Microsoft Windows Explorer fails to properly handle malformed Office
documents. The complete impact of this vulnerability is not clear, but may
include the execution of arbitrary code as well as crashing Windows Explorer.
A patch is not available yet.
|
|
|
Novell NetMail contains a buffer overflow vulnerability that may allow an
attacker to execute arbitrary code.
Fixed software is available now.
|
|
|
Several remote vulnerabilities have been discovered in PHP, a server-side,
HTML-embedded scripting language, which may lead to the execution of
arbitrary code.
Fixed packages are available now.
|
|
|
Asterisk contains an unspecified vulnerability that may allow a remote,
unauthenticated attacker to cause a denial-of-service condition on a
vulnerable system.
Fixed software is available now.
|
|
|
Umount allows local users to trigger a NULL dereference and application
crash by invoking the program with a pathname for a USB pen drive that
was mounted and then physically removed, which might allow the users to
obtain sensitive information, including core file contents.
Fixed packages are available now.
|
|
|
A potential security vulnerability has been identified with the version of
GZIP delivered by HP-UX Software Distributor (SD). The vulnerability could
be remotely exploited leading to a Denial of Service (DoS).
HP has made an updated package available.
|
|
System: Various
Topic: Vulnerabilities in QuickTime and iTunes
Links: CVE-2007-0711, CVE-2007-0712, CVE-2007-0713, CVE-2007-0714, CVE-2007-0715, CVE-2007-0716, CVE-2007-0717, CVE-2007-0718, VU#313225, VU#410993, VU#448745, VU#568689, VU#642433, VU#822481, VU#861817, VU#880561, iDefense, AL-2007.0031, R-171
ID: ae-200703-010
QuickTime contains vulnerabilities in the handling of five different
media formats, potentially allowing a remote attacker to compromise the
computer when the user visits a malicious web page or opens malicious files.
Since QuickTime is supplied as a component of Apple iTunes, iTunes
installations are also affected by these vulnerabilities.
Fixed software is available now.
|
|
System: Various
Topic: Vulnerability in GnuPG
Links: GnuPG, Core Security, CVE-2007-1263, CVE-2007-1264, CVE-2007-1265, CVE-2007-1266, CVE-2007-1267, CVE-2007-1268, CVE-2007-1269, ESB-2007.0143, RHSA-2007-0106, ESB-2007.0145, R-172, MDKSA-2007:059, DSA-1266, ESB-2007.0158, ESB-2007.0176
ID: ae-200703-009
Scripts and applications using GnuPG are prone to a vulnerability in how
signature verification information is shown to the end user.
An attacker is able to add arbitrary content to a signed message.
The receiver of the message (using a mail client such as Enigmail
to read the message) will not be able to distinguish the forged and the
properly signed parts of the message.
Affected products include GnuPG, GPGME, Enigmail, KMail, Evolution,
Sylpheed, Mutt, and GNUMail.
Fixed software is available now.
|
|
|
mod_jk is a Tomcat connector that can be used to communicate between Tomcat
and the Apache HTTP Server 2.
A stack overflow flaw was found in the URI handler of mod_jk. A remote
attacker could visit a carefully crafted URL being handled by mod_jk and
trigger this flaw, which could lead to the execution of arbitrary code as the
'apache' user.
Fixed packages are available now.
|
|
|
A vulnerability in the authentication mechanism used by the Legato NetWorker
Management Console may allow an attacker to execute arbitrary commands.
A patch is available now.
|
|
|
The Citrix Presentation Server Client for Windows includes support for making
ICA connections through proxy servers. An implementation flaw in this
functionality may allow an attacker to execute arbitrary code in the context
of the client process.
Fixed software is available now.
|
|
|
It was discovered that a format string vulnerability in the VoIP solution
GnomeMeeting allows the execution of arbitrary code.
Fixed packages are available now.
|
|
|
Symantec Mail Security for SMTP contains a vulnerability that occurs when
processing mail messages with malformed headers.
This may allow a remote, unauthenticated attacker to execute arbitrary code or create a
denial of service condition.
A patch is available now.
|
|
|
SGI has released the Security Update #71 for SGI Advanced Linux Environment 3.
These updates fix already known security related problems in
seamonkey.
So it's recommended to install this update.
|
|
|
Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network
Analysis Module installed are vulnerable to an attack, which could allow an
attacker to gain complete control of the system. Only Cisco Catalyst systems
that have a NAM on them are affected. This vulnerability affects systems that
run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS).
Cisco has made free software available to address this vulnerability.
|
|
|
Several vulnerabilities were discovered in the Linux 2.6 kernel.
Fixed kernel packages are available now.
|
|