Security Threat Watch Update

Compliments of today's Security Threat Watch newsletter: There have been a number of interesting vulnerabilities this week. Microsoft released a patch for a vulnerability in JPEG graphic parsing in various GDI libraries. Part of the problem with this bug is...

September 20, 2004

1 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Compliments of today's Security Threat Watch newsletter:

There have been a number of interesting vulnerabilities this week.Microsoft released a patch for a vulnerability in JPEG graphic parsingin various GDI libraries. Part of the problem with this bug is thatvarious applications are supposed to ship their own versions of the GDIlibraries, which means you literally have to search your file system forvulnerable files to update. Then there is the issue of whether thethird-party application will even function correctly with the newer GDIlibrary.

Multiple vulnerabilities have been found in the Mozilla applicationsuite (Mozilla, Firefox and Thunderbird). Some of these bugs have beenreported before, but we thought we'd re-report the collected advisory.

Lastly, Corsaire released a large number of advisories relating to theimproper parsing of MIME documents by various products. The exact impactis product-specific, but improper MIME parsing can be exploited directly(buffer overflows, etc.) or indirectly (bypassing virus scanninggateways, creating malicious attachments, etc.). The slew of advisoriesare collected in this issue under a single entry with the title"Multiple vendors: various MIME interpretation problems."

Shameless plug: This is just the introduction to a complete listing of vulnerabilities and patches organized by platform. You can get the whole kit and caboodle by signing up for this free, weekly newsletter, created by a great bunch of security wonks at Neohapsis.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights