Security Watch Letter: Adware, Phishing Plague IE Users
Browser vulnerabilities persist and Real Player has real hole. Plus: Define trusted sites in IEWhile no attacks have been documented, Secunia reports that iDefense and eEye Digital Security have found a highly critical flaw in RealPlayer. Several versions of RealOne and RealPlayer have been found to have a buffer overflow vulnerability that could allow remote execution of arbitrary code on a victims system. RealNetworks has confirmed the problem and has issued a patch. See our Security Bulletins section for more information. Microsofts Patch Tuesday brought the release of two moderate severity level patches. For most users, the first security bulletin, MS04-016, only applies if you play multi-user online games or use graphics packages that use iDirectPlay4, a component in DirectX versions 7.0 9.0b. The other security bulletin is with 3rd party .NET application Crystal Reports. The flaw can allow an attacker to view and delete a users files, and DoS attacks, but is mostly a server side problem and wont affect most users. See our Security Bulletins and Updates section for more on this. A newly discovered flaw in Internet Explorer can give phishers yet another tool for spoofing, even in a fully patched version of IE. The vulnerability can allow an attacker to gain privileged access to a victims system though a flaw in IEs security zone handling. For more information, see our top threat.
Another unpatched vulnerability in Internet Explorer is currently being used by malicious web sites to install adware on unsuspecting users machines. The flaw is rated extremely critical by in a Secunia report, and several websites have been documented as using the exploit. For more information see our Security Bulletins and Updates section.