Security Hero Rotating Header Image

November, 2007:

Cisco Unified IP Phone Remote Eavesdropping

Cisco Unified IP Phone Remote Eavesdropping

This is the Cisco PSIRT response to a presentation given at the Hack.Lu 2007 security conference by Joffery Czarny of Telindus regarding a technique to remotely eavesdrop using Cisco Unified IP Phones.

URL: http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html

DNS Survey Reveals Many Systems Still Vulnerable to Attacks Despite Some Marked Improvements

DNS Survey Reveals Many Systems Still Vulnerable to Attacks Despite Some Marked Improvements

Infoblox Inc., a developer of appliances that deliver “utility-grade” core network services, and The Measurement Factory, experts in performance testing and protocol compliance, today announced results from the third-annual survey of domain name servers on the public Internet.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/Qd7JM7CpqJo/release.cfm

URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution – 11/13/2007

Microsoft Security Advisory (943521): URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution – 11/13/2007

Revision Note: Advisory updated to reflect publication of security bulletin Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-061 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-061. The vulnerability addressed is the Windows URI Handling Vulnerability – CVE-2007-3896.

URL: http://www.microsoft.com/technet/security/advisory/943521.mspx

Cisco Unified MeetingPlace XSS Vulnerability (November 2007)

Cisco Unified MeetingPlace XSS Vulnerability (November 2007)

This is the Cisco PSIRT response to an issue that was discovered and reported to Cisco by Joren McReynolds regarding a cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing.

URL: http://www.cisco.com/en/US/products/products_security_response09186a00808f0b8f.html