Daily Report Thursday, November 9, 2006

Daily Highlights


The Social Security Administration on Tuesday, November 7, warned of a new e-mail scam in which recipients are asked to update their personal information or risk having their Social Security "account" suspended indefinitely by November 11. (See item 12)

The Associated Press reports biologists at Mississippi State University are studying safer vaccines for whooping cough, which can sometimes lead to brain damage or death. (See item 24)

Information Technology and Telecommunications Sector

30. November 08, Security Focus — Mozilla multiple products remote vulnerabilities. The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to execute arbitrary machine code in the context of the vulnerable application; crash affected applications; run arbitrary script code with elevated privileges; gain access to potentially sensitive information; and carry out cross-domain scripting attacks. Other attacks may also be possible. These issues are fixed in: Mozilla Firefox version 1.5.0.5, Mozilla Thunderbird version 1.5.0.5, and Mozilla SeaMonkey version 1.0.3. Solution: http://www.securityfocus.com/bid/19181/solution
Source: http://www.securityfocus.com/bid/19181/discuss

31. November 08, Security Focus — Adobe Flash Player multiple remote code execution vulnerabilities. Adobe Flash Player is prone to multiple remote code-execution vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could exploit this issue by creating a media file containing large, dynamically generated string data and submitting it to be processed by the media player. These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Other attacks are also possible. Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 are affected. Solution: http://www.securityfocus.com/bid/19980/solution
Source: http://www.securityfocus.com/bid/19980/discuss

32. November 08, Security Focus — America Online ICQ ActiveX Control remote code execution vulnerability. The America Online ICQ ActiveX Control is prone to a remote code-execution vulnerability. An attacker could exploit this issue simply by sending a message to a victim ICQ user. Exploiting this issue could allow an attacker to execute arbitrary code. The ICQPhone.SipxPhoneManager ActiveX control with a CLSID of 54BDE6EC-F42F-4500-AC46-905177444300 is affected.
Solution: The vendor has released a fix to resolve this issue. This fix is automatically applied when connecting to the America Online ICQ service.
Source: http://www.securityfocus.com/bid/20930/discuss