<<<
Monday, December 10, 2007
>>>
 
Security Advisories Posted by Sean @ 11:48 GMT

Two recommended updates — potentially serious vulnerabilities — no in-the-wild exploits reported.

Open Office.Org Advisory

CVE-2007-4575

OpenOffice.org, a popular office suite application, contains a security vulnerability in the default database engine for all versions prior to OpenOffice.org 2.3.1.

Database documents may allow attackers to execute arbitrary code. Updating to version 2.3.1 is the recommended solution.

VLC Advisory

CVE-2007-6262

VLC media player, a free media player application by the VideoLAN project, contains a vulnerability in its ActiveX plugin that could allow specifically crafted websites to execute arbitrary code.

The vulnerability is limited to the local user's privileges and exploitation requires the user to visit a maliciously crafted website using VLC media player's ActiveX plugin.

Avoiding the ActiveX plugin is an available workaround. The plugin is an optional component during VLC installation.

Updating to version 0.8.6d resolves the issue.






<<< Data Security Summary - July to December 2007
|
Cheers from Africa >>>