
Thread: Multiple AV vendor vulns - archived

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    Sophos AV vuln - updates available
    - http://secunia.com/advisories/26714/
    Release Date: 2007-09-07
    Critical: Moderately critical
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Vendor Patch
    Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
    ...The vulnerability is reported in versions 6.x and 7.0.0.
    Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
    Original Advisory:
    http://www.sophos.com/support/knowle...cle/29150.html

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    FYI...

    AOL AV changes...
    - http://isc.sans.org/diary.html?storyid=3360
    Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and are now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."

    * http://www.activevirusshield.com/ant...eeav/index.adp

    ** http://safety.aol.com/isc/BasicSecurity/


  3. #13
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Kaspersky AV DoS vuln - update 11.2007
    - http://secunia.com/advisories/26887/
    Last Update: 2007-09-25
    Critical: Not critical
    Impact: DoS
    Where: Local system
    Solution Status: Unpatched
    Software: Kaspersky Anti-Virus 6.x
    Kaspersky Anti-Virus 7.x
    Kaspersky Internet Security 6.x
    Kaspersky Internet Security 7.x
    ...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
    Solution: The vendor is reportedly working on an update to be released November 2007.
    Original Advisory: Kaspersky:
    http://www.kaspersky.com/technews?id=203038706
    "...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043


  4. #14
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Kaspersky Online Scanner ActiveX Vuln
    - http://secunia.com/advisories/27187/
    Release Date: 2007-10-11
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Kaspersky Online Scanner 5.x
    ...The vulnerability affects versions 5.0.93.1 and prior.
    Solution: Update to version 5.0.98.0.
    http://www.kaspersky.com/kos/eng/par...avwebscan.html ...
    Original Advisory: Kaspersky:
    http://www.kaspersky.com/news?id=207575572 ...


  5. #15
    Adviser Team AplusWebMaster's Avatar

    FYI...

    BitDefender Online Scanner ActiveX vuln - update available
    - http://secunia.com/advisories/27717/
    Release Date: 2007-11-21
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    ...Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0. Other versions may also be affected.
    Solution: Update to the latest version (OScan82.ocx).
    http://www.bitdefender.com/scan8/ie.html


  6. #16
    Adviser Team AplusWebMaster's Avatar

    FYI...

    avast! vuln - update available
    - http://secunia.com/advisories/27929/
    Last Update: 2007-12-06
    Critical: Highly critical
    Impact: Unknown
    Where: From remote
    Solution Status: Vendor Patch
    Software: avast! Home/Professional 4.x
    ...The vulnerability is reported in versions prior to 4.7.1098.
    Solution: Update to version 4.7.1098.
    http://www.avast.com/eng/download.html ...
    Original Advisory:
    http://www.avast.com/eng/avast-4-hom...n-history.html

    Last edited by AplusWebMaster; 2007-12-06 at 13:48.

  7. #17
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Trend Micro AV plus AS 2008, Internet Security 2008, Internet Security Pro 2008
    - http://esupport.trendmicro.com/suppo...tentID=1036464
    12/10/07 - "...Remote memory corruption... long bogus file names from malformed ZIP files... Vulnerability only affects users with English Versions of TIS16 (Trend Micro Internet Security Pro, Trend Micro Internet Security/Virus Buster 2008) and TAV16 (TrendMicro Antivirus plus AntiSpyware 2008) build #1450 and older... You can download the TIS16.0 English language security patch here..."


  8. #18
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Clam AV vuln - update available
    - http://secunia.com/advisories/28117/
    Release Date: 2007-12-19
    Critical: Highly critical
    Impact: DoS, System access
    Where: From remote
    ...The vulnerability is reported in versions prior to 0.92...
    Solution: Update to version 0.92.

    > http://www.clamav.org/
    ClamAV Virus Databases: main.cvd ver. released on 09 Dec 2007 15:50 +0000

    > http://www.clamwin.com/
    The latest version of Clamwin Free Antivirus is 0.91.2


  9. #19
    Adviser Team AplusWebMaster's Avatar

    FYI...

    - http://www.heise-security.co.uk/articles/100965
    21.12.2007 - "...The list of manufacturers of antivirus software with critical security problems reads like a Who's Who of the industry: the blacklist of Zoller and Alvarez includes Avast, Avira, BitDefender, CA, ClamAV, Eset NOD32, F-Secure, Grisoft AVG, Norman, Panda and Sophos. iDefense uncovered critical buffer overflows in Kaspersky's scanner, McAfee's VirusScan and Trend Micro's security products. Secunia found the same thing in Symantec's E-mail Security, and ISS/IBM XForce caught out Microsoft's security products. All of these appeared just this year, and the list is by no means complete: the n.runs specialists alone say they have discovered more than 80 critical holes and passed them on to the manufacturers. As far as they know, only some thirty of them have been closed so far..."


  10. #20
    Adviser Team AplusWebMaster's Avatar

    FYI...

    McAfee E-Business Svr vuln - update available
    - http://secunia.com/advisories/28408/
    Release Date: 2008-01-10
    Critical: Moderately critical
    Impact: System access, DoS
    Where: From local network
    Solution Status: Vendor Patch
    Software: McAfee e-Business Server 8.x
    ...The vulnerability affects versions 8.5.2 and prior on Windows.
    Solution: Update to version 8.5.3.
    Original Advisory: McAfee:
    https://knowledge.mcafee.com/article...AL_Public.html
