Home Programs Emergency management Response CCIRC Analytical releases2

Analytical releases2

	Menu
	Analytical releases Contact Cyber Duty Officer Encryption Products and advice International counterparts IT security resources SANS Top 20 Microsoft Security Cooperation Program About CCIRC

2006

• Update to Advisory AV06-026
  25 October 2006 (AV06-026)
• Oracle Critical Patch Update -- October 2006
  18 October 2006 (AV06-045)
• Sun releases security patches to address multiple vulnerabilities in Apache 1.3 for Solaris
  12 October 2006 (AV06-044)
• Microsoft Security Bulletin MS06-056 to MS06-065
  10 October 2006 (AV06-043)
• BrightStor ARCserve Backup (Buffer Overrun)
  6 October 2006 (AV06-042)
• McAfee ePolicy Orchestrator and ProtectionPilot Command Execution Vulnerability
  2 October 2006 (AV06-041)
• Microsoft Windows WebViewFolderIcon ActiveX integer overflow
  28 September 2006 (AV06-040)
• Update to Advisory AV06-022
  27 September 2006 (AV06-022)
• Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
  26 September 2006 (AV06-039)
• Cisco Guard Input Validation Flaw in Anti-Spoofing Feature Permits Cross-Site Scripting Attacks
  21 September 2006 (AV06-038)
• Cisco IOS Data Over Cable Service Interface Specification SNMP Access Issue
  21 September 2006 (AV06-037)
• Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities
  20 September 2006 (AV06-036)
• Mozilla Products Remote Code Execution and Cross Site Scripting Vulnerabilities
  15 September 2006 (AV06-035)
• HP OpenView Operations Remote Unauthorized Access and DoS Vulnerability
  14 September 2006 (AV06-034)
• Cisco CatOS and Cisco IOS VLAN Trunking Protocol Remote Command Execution Vulnerability
  14 September 2006 (AV06-033)
• Apple QuickTime Media Files Handling Buffer and Integer Overflow Vulnerabilities
  13 September 2006 (AV06-032)
• Adobe Macromedia Flash Player multiple remote code execution vulnerabilities
  13 September 2006 (AV06-031)
• Update to Advisory AV06-022
  13 September 2006 (AV06-022)
• Microsoft Security Bulletin MS06-052, MS06-053, MS06-054
  12 September 2006 (AV06-030)
• Cisco security response to: Cisco IOS GRE decapsulation vulnerability
  7 September 2006 (AV06-029)
• Update to Advisory AV06-028
  6 September 2006 (AV06-028)
• Multiple DoS vulnerabilities in the BIND 9 software
  5 September 2006 (AV06-028)
• Java Plug-in and Java Web Start Vulnerabilities
  24 August 2006 (AV06-027)
• Cisco VPN 3000 Concentrator FTP Management Vulnerabilities
  23 August 2006 (AV06-026)
• Unintentional Password Modification in Cisco Firewall Products
  23 August 2006 (AV06-025)
• Update to Advisory AV06-022
  23 August 2006 (AV06-022)
• BlackBerry Enterprise Server Word Document Buffer Overflow Vulnerability
  22 August 2006 (AV06-024)
• Symantec Security Advisory SYM06-014
  14 August 2006 (AV06-023)
• Public Exploit related to the Buffer Overflow Vulnerability in Microsoft Server Service (MS06-040)
  10 August 2006 (AL06-002)
• Microsoft Security Bulletin MS06-040, MS06-041, MS06-042, MS06-043, MS06-044, MS06-045, MS06-046, MS06-047, MS06-048, MS06-049, MS06-050, MS06-051
  8 August 2006 (AV06-022)
• Intel Centrino wireless LAN products vulnerabilities
  2 August 2006 (AV06-021)
• Oracle Critical Patch Update - July 2006
  19 July 2006 (AV06-020)
• Buffer overflow vulnerability in Adobe Acrobat
  13 July 2006 (AV06-019)
• Microsoft Security Bulletin MS06-033, MS06-034, MS06-035, MS06-036, MS06-037, MS06-038, MS06-039
  12 July 2006 (AV06-018)
• Update to Advisory AV06-017 
  28 June 2006 (AV06-017)
• Microsoft Security Bulletin Release
  13 June 2006 (AV06-017)
• Symantec Advisory SYM06-010
  27 May 2006 (AV06-016)
• Microsoft Security Bulletin MS06-018, MS06-019, MS06-020
  9 May 2006 (AV06-015)
• Update to Alert AL06-001
  9 May 2006 (AL06-001)
• Exploit possibly related to the Microsoft Security Bulletin MS06-014 vulnerability
  5 May 2006 (AL06-001)
• Vulnerabilities in MySQL
  4 May 2006 (AV06-014)
• Update to Advisory AV06-012 
  4 May 2006 (AV06-012)
• Update to Advisory AV06-011
  23 April 2006 (AV06-011)
• Update to Advisory AV06-011
  21 April 2006 (AV06-011)
• Multiple vulnerabilities in Oracle products
  20 April 2006 (AV06-013)
• Mozilla products contain multiple vulnerabilities
  18 April 2006 (AV06-012)
• Microsoft Security Bulletin MS06-013, MS06-014, MS06-015, MS06-016, MS06-017
  11 April 2006 (AV06-011)
• Microsoft Internet Explorer createTextRange Vulnerability
  23 March 2006 (AV06-010)
• Race condition in Sendmail may allow remote code execution
  22 March 2006 (AV06-009)
• Microsoft Security Bulletin MS06-012
  14 March 2006 (AV06-008)
• Oracle E-Business Suite Security Patch
  28 February 2006 (AV06-007)
• Microsoft Security Bulletin (MS06-004, MS06-005, MS06-006, MS06-007, MS06-008, MS06-009, MS06-010)
  14 February 2006 (AV06-006)
• Blackberry Enterprise Server vulnerability
  13 February 2006 (AV06-005)
• Multiple vulnerabilities in Winamp 5.12 and prior versions
  02 February 2006 (AV06-004)
• Update: Java Runtime Environment (JRE) Applet Privilege Escalation Vulnerability
  13 January 2006 (AV05-037)
• Update: Denial of Service vulnerabilities related to the Research in Motion BlackBerry
  11 January 2006 (AV06-001)
• AV06-002: Microsoft Security Bulletin MS06-002, MS06-003
  10 January 2006 (AV06-002)
• AV06-001: Denial of Service vulnerabilities related to the Research in Motion BlackBerry
  05 January 2006 (AV06-001)

2005

• Update: Microsoft Windows WMF Handling (0-day) Vulnerability
  29 December 2005 (AV05-038)
• Microsoft Windows WMF Handling (0-day) Vulnerability
  28 December 2005 (AV05-038)
• Java Runtime Environment (JRE) Applet Privilege Escalation Vulnerability
  29 November 2005 (AV05-037)
• Microsoft Internet Explorer window() Code Execution Vulnerability
  21 November 2005 (AV05-036)
• Multiple vulnerability issues in ISAKMP Protocol implementations
  14 November 2005 (AV05-035)
• CRITICAL Vulnerability in Microsoft Windows COM+ (MS05-051)
  12 October 2005 (AL05-002)
• MS05-052 Cumulative Security Update for Internet Explorer (896688)
  11 October 2005 (AV05-034)
• MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
  11 October 2005 (AV05-033)
• MS05-050 Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
  11 October 2005 (AV05-032)
• UPDATED: Vulnerability in Microsoft DDS Library Shape Control (Msdds.dll)
  22 August 2005 (AV05-031)
• Vulnerability in Microsoft DDS Library Shape Control (Msdds.dll)
  19 August 2005 (AV05-031)
• W32.Zotob.E,W32/ircbot.worm!ms05-039, WORM_RBOT.CBQ
  16 August 2005 (AL05-001)
• Microsoft Security Bulletin MS05-038, MS05-039, MS05-040, MS05-041, MS05-042 and MS05-043
  09 August 2005 (AV05-030)
• SANS Top 20 Internet Security Vulnerabilities Q2 2005
  25 July 2005 (IN05-002)
• Cisco Security Agent Vulnerable to Crafted IP Attack
  13 July 2005 (AV05-029)
• UPDATED: Microsoft Security Bulletins
  13 July 2005 (AV05-024)
• Oracle Critical Patch Update
  13 July 2005 (AV05-028)
• Microsoft Security Bulletin MS05-035, MS05-036, MS05-037
  12 July 2005 (AV05-027)
• UPDATED: Microsoft Security Advisory (903144) COM Object (Javaprxy.dll) Vulnerability
  07 July 2005 (AV05-026)
• Veritas Backup Exec Remote Agent for Windows Servers Authentication Buffer Overflow Vulnerability
  22 June 2005 (AV05-025)
• Targeted Trojan E-mail Attacks
  16 June 2005 (IN05-001)
• Microsoft Security Bulletins
  14 June 2005 (AV05-024)
• Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability
  01 June 2005 (AV05-023)
• Computer Associates Multiple Products Vet Engine Heap Overflow
  24 May 2005 (AV05-022)
• Microsoft Security Bulletin MS05-024
  07 May 2005 (AV05-021)
• Update to Advisory AV05-018
  25 April 2005 (AV05-018)
• Microsoft Jet DB engine vulnerabilities
  15 April 2005 (AV05-020)
• Oracle Critical Patch Update
  12 April 2005 (AV05-019)
• Microsoft Security Bulletin MS05-016, MS05-017, MS05-018, MS05-019, MS05-020, MS05-021, MS05-022, MS05-023
  12 April 2005 (AV05-018)
• Vulnerability Issues in ICMP packets with TCP payloads
  12 April 2005 (AV05-017)
• Mac OS X Security Update
  22 March 2005 (AV05-016)
• Sun Java Web Start Client Vulnerability
  18 March 2005 (AV05-015)
• McAfee overflow scanning LHA files
  18 March 2005 (AV05-014)
• Symantec DNS Cache Poisoning Hotfix
  16 March 2005 (AV05-013)
• Oracle Database 8i/9i Remote Directory Traversal Vulnerabilities
  08 March 2005 (AV05-012)
• Multiple Vendor loopback (land.c) Denial of Service Vulnerability
  08 March 2005 (AV05-011)
• Vulnerability with ARP Handling could cause System to Hang
  15 February 2005 (AV05-010)
• Barracuda Spam Firewall 200 Open Mail Relay Vulnerability
  11 February 2005 (AV05-009)
• F-Secure AntiVirus Library Heap Overflow
  10 February 2005 (AV05-008)
• Denial of service vulnerability for certain MPLS packets affecting Juniper routers
  10 February 2005 (AV05-007)
• Symantec UPX Parsing Engine Heap Overflow
  9 February 2005 (AV05-006)
• Microsoft Security Bulletin MS05-004, MS05-005, MS05-006, MS05-007, MS05-008, MS05-009, MS05-010, MS05-011, MS05-012, MS05-013, MS05-014, MS05-015
  8 February 2005 (AV05-005)
• Bagle Worm Variant Risk Assessment Raised to Medium
  27 January 2005 (AV05-004)
• MySQL UDF Dynamic Library Exploit Bot
  27 January 2005 (AV05-003)
• Oracle Critical Patch Update
  19 January 2005 (AV05-002)

Legend: AL= Alert; AV = Advisory; IN = Information note