Only a little more than a week after September Patch Tuesday, expect to download more software patches to keep your computer updated and protected from malware threats.
Update 1: Microsoft Service Pack 3
Microsoft recently released Service Pack 3 for Microsoft Office 2003, incorporating SP1, SP2, and other Office 2003 updates up to August 2007. The new service pack also incorporates other bug fixes that affect the user experience.
Related links: Download page KB Entry
Update 2: Mozilla Firefox 184.108.40.206
Mozilla Firefox recently updated to version 220.127.116.11, preventing a vulnerability of the Apple QuickTime Plug-in from performing remote code execution.
Related Link: Download Page
Unpatched Vulnerability 1: Apple QuickTime version 18.104.22.168
The Firefox update above resolves the issue raised by Petko D. Petkov, which details how a simple quicktime file can execute arbitrary code from the said browser. In his report, a QTL file which serves as an encapsulation for loading a real media file, can contain a qtnext field which may have parameters in execution of code thru Firefox. So, users can just avoid the link from a Web site if the file in the link has an extension in .QTL, right? Wrong. The file can be renamed as .MP3 or .MOV (or any file extension supported by QT) and the file would still be processed as a QTL file. The exploit has been verified to work on Firefox 22.214.171.124 (thus necessitating the update) and the latest QuickTime version 126.96.36.199 (still unpatched).
Related Links: Mozilla Vulnerability Page Petko D. Petkov’s Blog CVE Entry
Unpatched Vulnerability 2: Microsoft MFC42 and MFC71 Heap Overflow Allows RCE
Jonathan Sarba from GoodFellas Security Research Team recently disclosed the Findfile Class implementation in the MFC42 and MFC71 library lacks checking of the buffer, allowing a heap overflow to execute arbitrary code. Any application using CFileFind::FindFile from MFC42.DLL and MFC71.dll may be susceptible to this attack. If you remember, a previous MFC vulnerability was patched last June. Considering the possibilities, could there be an upcoming Month of MFC Bugs?
Related links: Jonathan Sarba’s Disclosure MS07-12