Panda ActiveScan vulns - update available
FYI...
Panda ActiveScan vulns - update available
- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecurity.com/activescan
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156
:fear:
Trend Micro OfficeScan multiple vulns - update available
FYI...
Trend Micro OfficeScan multiple vulns - update available
- http://secunia.com/advisories/32097/
Release Date: 2008-10-02
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 8.x
...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.
Solution: Apply patches.
Trend Micro OfficeScan 8.0 Service Pack 1:
http://www.trendmicro.com/ftp/produc...atch_B2439.exe
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
http://www.trendmicro.com/ftp/produc...Patch_3087.exe
Original Advisory: ...Trend Micro:
http://www.trendmicro.com/ftp/docume...439_Readme.txt
http://www.trendmicro.com/ftp/docume...087_Readme.txt
:fear:
F-Secure vuln - update available
FYI...
F-Secure vuln - update available
- http://secunia.com/advisories/32352/
Release Date: 2008-10-21
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches (please see the vendor's advisory for details).
Original Advisory: FSC-2008-3:
http://www.f-secure.com/security/fsc-2008-3.shtml ...
:fear:
AV "false positive" system killers
FYI...
McAfee update classifies Vista component as a Trojan
- http://www.theregister.co.uk/2008/10...n_false_alert/
21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."
* http://us.mcafee.com/virusInfo/defau...virus_k=100683
AVG flags ZoneAlarm as malware
- http://news.cnet.com/8301-1009_3-10067148-83.html
October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktops warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release causing spikes in Web traffic."
- http://www.theregister.co.uk/2008/10...n_false_alarm/
16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."
:fear::spider::sad:
ClamAV vuln - update available
FYI...
ClamAV vuln - update available
- http://secunia.com/advisories/32663/
Release Date: 2008-11-10
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.94.1.
> http://sourceforge.net/project/shown...group_id=86638
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
Also see: ClamWin Free Antivirus 0.94.1 released
- http://www.clamwin.com/content/view/205/1/
Download:
- http://www.clamwin.com/content/view/18/46/
Version 0.94.1; 24.5MB
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-5050
:fear: