SecurityFocus Microsoft Newsletter #424 ----------------------------------------
This issue is sponsored by Purewire NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers" Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks. http://www.purewire.com/lp/sec SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Time to Exclude Bad ISPs 2.Standing on Other's Shoulders II. MICROSOFT VULNERABILITY SUMMARY 1. Adobe Flash Player Unspecified Remote Security Vulnerability 2. Mozilla Thunderbird Malformed MIME Message Denial Of Service Vulnerability 3. Microsoft Internet Explorer 'Scripting.FileSystem' Security Bypass Vulnerability 4. Kerio MailServer WebMail Multiple Cross Site Scripting Vulnerabilities 5. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness 6. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability 7. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability 8. Microsoft WordPad Text Converter Remote Code Execution Vulnerability 9. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability 10. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability 11. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability 12. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability 13. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability 14. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability 15. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability 16. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability 17. Microsoft SharePoint Server Unauthorized Access Vulnerability 18. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability 19. Microsoft Windows GDI WMF Integer Overflow Vulnerability 20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability 21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability 22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability 23. Microsoft Charts ActiveX Control Memory Corruption Vulnerability 24. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability 25. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability 26. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability 27. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability 28. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability 29. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability 30. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability 31. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability 32. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability 33. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability 34. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability 35. Microsoft Word Malformed Value Remote Code Execution Vulnerability 36. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability 37. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability 38. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #423 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Time to Exclude Bad ISPs By Oliver Day In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam. http://www.securityfocus.com/columnists/487 2. Standing on Other's Shoulders By Chris Wysopal "If I have seen a little further it is by standing on the shoulders of Giants," Issac Netwon once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build. http://www.securityfocus.com/columnists/486 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Adobe Flash Player Unspecified Remote Security Vulnerability BugTraq ID: 32896 Remote: Yes Date Published: 2008-12-17 Relevant URL: http://www.securityfocus.com/bid/32896 Summary: Adobe Flash Player is prone to an unspecified security vulnerability. Remote attackers may exploit this vulnerability to compromise an affected computer. No further technical details are currently available. We will update this BID as more information emerges. This issue affects Flash Player on Linux platforms. Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable. 2. Mozilla Thunderbird Malformed MIME Message Denial Of Service Vulnerability BugTraq ID: 32869 Remote: Yes Date Published: 2008-12-08 Relevant URL: http://www.securityfocus.com/bid/32869 Summary: Mozilla Thunderbird is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multipart MIME messages. An attacker can exploit this issue to crash the application during delivery. 3. Microsoft Internet Explorer 'Scripting.FileSystem' Security Bypass Vulnerability BugTraq ID: 32868 Remote: Yes Date Published: 2008-12-16 Relevant URL: http://www.securityfocus.com/bid/32868 Summary: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. This issue occurs when the Internet Explorer configuration option 'Initialize and script ActiveX controls not marked safe' is enabled. This option is most likely to be set for the 'Local' or 'Intranet' security zones. An attacker may be able to download and execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). This may aid in further attacks. 4. Kerio MailServer WebMail Multiple Cross Site Scripting Vulnerabilities BugTraq ID: 32863 Remote: Yes Date Published: 2008-12-16 Relevant URL: http://www.securityfocus.com/bid/32863 Summary: Kerio MailServer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Kerio MailServer 6.6.1 build 7069 for Windows is affected by the issue; other versions may also be vulnerable. 5. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness BugTraq ID: 32780 Remote: Yes Date Published: 2008-12-11 Relevant URL: http://www.securityfocus.com/bid/32780 Summary: Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications. Attackers may be able to bypass this filter under certain conditions, such as by taking advantage of an existing vulnerability in a web application. Internet Explorer 8 beta 2 is vulnerable. 6. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability BugTraq ID: 32764 Remote: Yes Date Published: 2008-12-10 Relevant URL: http://www.securityfocus.com/bid/32764 Summary: Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely crash the affected 'LDBserver' service. 7. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability BugTraq ID: 32721 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32721 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. NOTE: Symantec has received reports that this issue is being actively exploited in the wild. 8. Microsoft WordPad Text Converter Remote Code Execution Vulnerability BugTraq ID: 32718 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32718 Summary: Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions. 9. Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability BugTraq ID: 32710 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32710 Summary: Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects the following: Microsoft SQL Server 2000 Microsoft SQL Server 2005 10. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability BugTraq ID: 32702 Remote: Yes Date Published: 2008-12-08 Relevant URL: http://www.securityfocus.com/bid/32702 Summary: Microsoft Outlook Express is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multipart MIME messages. An attacker can exploit this issue to crash the application during delivery. 11. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability BugTraq ID: 32687 Remote: Yes Date Published: 2008-12-08 Relevant URL: http://www.securityfocus.com/bid/32687 Summary: RadASM is prone to a command-execution vulnerability because it fails to perform adequate checks on user-supplied input. Attackers may leverage this issue to execute arbitrary commands in the context of the application. This may aid in further attacks. RadASM 2.2.1.5 is vulnerable; other versions may also be affected. NOTE: This BID is being retired because it has been determined not to be a vulnerability. 12. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability BugTraq ID: 32654 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32654 Summary: Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' (Intra-Site Automatic Tunnel Addressing Protocol) URLs. An attacker can use this vulnerability to obtain information that may aid in further attacks. 13. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability BugTraq ID: 32653 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32653 Summary: Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN (Service Principle Name) implementation. A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user. 14. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability BugTraq ID: 32652 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32652 Summary: Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. This issue affects Windows Vista and Windows Server 2008. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option. 15. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability BugTraq ID: 32651 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32651 Summary: Microsoft Windows is prone to a remote code-execution vulnerability because Windows Explorer fails to correctly free memory when saving the Windows Search saved-search files. Attackers may exploit this issue by enticing victims into opening and saving a maliciously crafted saved-search file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Windows Vista and Windows Server 2008. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option. 16. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability BugTraq ID: 32642 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32642 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 17. Microsoft SharePoint Server Unauthorized Access Vulnerability BugTraq ID: 32638 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32638 Summary: Microsoft SharePoint Server is prone to a vulnerability that could let remote attackers gain unauthorized access. A successful exploit will let attackers access certain administrative functions of the SharePoint Server. 18. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability BugTraq ID: 32637 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32637 Summary: The GDI component of Microsoft Windows is prone to a heap-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user. 19. Microsoft Windows GDI WMF Integer Overflow Vulnerability BugTraq ID: 32634 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32634 Summary: The GDI component of Microsoft Windows is prone to an integer-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user. 20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability BugTraq ID: 32622 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32622 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability BugTraq ID: 32621 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32621 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability BugTraq ID: 32618 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32618 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 23. Microsoft Charts ActiveX Control Memory Corruption Vulnerability BugTraq ID: 32614 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32614 Summary: Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 24. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability BugTraq ID: 32613 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32613 Summary: Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 25. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability BugTraq ID: 32612 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32612 Summary: Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. Microsoft Hierarchical FlexGrid Control 6.0.88.4 is vulnerable; other versions may also be affected. The control is bundled with Microsoft Visual Basic 6.0 and Microsoft Visual FoxPro 8.0 SP1 and 9.0 SP 2. 26. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability BugTraq ID: 32596 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32596 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 27. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability BugTraq ID: 32595 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32595 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 28. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability BugTraq ID: 32594 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32594 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 29. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability BugTraq ID: 32593 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32593 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 30. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability BugTraq ID: 32592 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32592 Summary: Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 31. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability BugTraq ID: 32591 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32591 Summary: Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 32. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability BugTraq ID: 32586 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32586 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. 33. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability BugTraq ID: 32585 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32585 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 34. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability BugTraq ID: 32584 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32584 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 35. Microsoft Word Malformed Value Remote Code Execution Vulnerability BugTraq ID: 32583 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32583 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 36. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability BugTraq ID: 32581 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32581 Summary: Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 37. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability BugTraq ID: 32580 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32580 Summary: Microsoft Word is prone to a heap-based memory-corruption vulnerability. An attacker can exploit this issue by sending a specially crafted Word file to an unsuspecting user and enticing them to open it with a vulnerable application. A successful exploit will allow attackers to execute arbitrary code within the context of the user running the affected application. 38. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability BugTraq ID: 32579 Remote: Yes Date Published: 2008-12-09 Relevant URL: http://www.securityfocus.com/bid/32579 Summary: Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #423 http://www.securityfocus.com/archive/88/499173 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [email protected] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by Purewire NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers" Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks. http://www.purewire.com/lp/sec
