Fixes arrive for Cisco Security Agent, OpenOffice
By secgeeks - Posted on December 6th, 2007
171
vote
Two patching items to report this morning: one affecting Cisco Security Agent (CSA), the other OpenOffice.
First, the CSA flaw, as described in Cisco advisory cisco-sa-20071205-csa: A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution. The vulnerability is triggered during processing of a crafted TCP segment destined to TCP port 139 or 445. These ports are used by the Microsoft Server Message Block (SMB) protocol.
Cisco has released free software updates that address this vulnerability.
Next, the OpenOffice issue as described in CVE-2007-4575: A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. All versions prior to OpenOffice.org 2.3.1 are affected.
This issue is addressed in HSQLDB 1.8.0.9 and OpenOffice.org 2.3.1.
Bookmark/Search this post with:
Trackback URL for this post:
http://secgeeks.com/trackback/1287
Recent comments
30 weeks 5 days ago
33 weeks 2 days ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 2 weeks ago
1 year 18 weeks ago
1 year 34 weeks ago
2 years 25 weeks ago
2 years 26 weeks ago
2 years 28 weeks ago