SecuriTeam has released a PoC exploiting Excel 2003. Execution
of arbitrary code is possible due to the improper handling of user
input in files.

A vulnerability in Windows Live Messenger has been reported by
JAAScois. The vulnerability is exploited by loading a specially
crafted contact list (*.ctt) file which causes an overflow allowing
arbitrary code to be executed.

From the point of view of a malicious user, he can just send the
specially crafted .ctt file through e-mail and social engineer a
target user to load the contact list to Windows Live Messenger thus
exploiting the target user’s system.

More information can be found here.

Ok, there were no much entries these past days and I want to share some updates.

• There’s another variant of the W97M_DLOADER, detected as W97M_DLOADER.BVS, which arrives as a .doc file attached to spammed email. It drops a Trojan downloader which is also detected as TROJ_DLOADER.BVS.
  
  
  
• Mac OS X 10.4.7 Update
  
  

  This update fixes multiple vulnerabilities found in version 10.4.6 and below.

  AFP : (CVE-ID: CVE-2006-1468)
  - File and folder names may be disclosed to unauthorized users
  
  ClamAV: (CVE-ID-2006-1989)
  - When virus scanning is configured to update automatically, a malicious database mirror may cause arbitrary code execution
  
  ImageIO: (CVE-ID-2006-1469)
  - Viewing a maliciously-crafted TIFF image may result in an application crash or arbitrary code execution
  
  Launchd: (CVE-ID-2006-1471 )
  - Local users may gain elevated privileges
  
  OpenLDAP: (CVE-ID-2006-1470)
  - Remote attackers may cause Open Directory server to crash
  
  
  

  You may get your updates by visiting Apple’s support page.

  
  

  References:

  
  
  
  
  • http://www.apple.com/support/downloads/
    
  • http://docs.info.apple.com/article.html?artnum=303973
    
  • http://www.securityfocus.com/bid/18686/info
  
  
  
  
• An IRC bot, to be detected as BKDR_IRCBOT.CR, targeting the irc.shadowfire.org IRC server submitted to the Service team for further analysis and detection.

Apple recently released an update for its Mac OS X. As fate would have it, soon after the release of the update, a security researcher at Digital Munition (Kevin Finisterre) released Proof of Concept code that takes advantage of a vulnerability in the Mac OS X component called ‘launchd’. This is highly exploitable and can be used to execute arbitrary code with elevated priveleges.

The creator of the said exploit code just happens to be the same guy who created the InqTana proof of concept worm. The InqTana Worm was a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X v10.4.

The good news is that this issue has already been resolved in Apple’s latest update (Mac OS X 10.4.7) which can be found here. It is highly advised for all Mac users to update to the latest relase ASAP (as soon as possible) to avoid any problems with their software.

Trend will detect this exploit code as PERL_NIVEK.A. This is currently being handled by our service team. We will update you as soon as the pattern is released.

Metasploit Framework has just released a PoC regarding the
MS06-25 Vulnerability. The code is also posted on Milw0rm.com website.

For more information on the vulnerability and its suggested
workarounds, please see the Microsoft site.