Security Threat Watch Update

There have been a number of interesting vulnerabilities this week.Microsoft released a patch for a vulnerability in JPEG graphic parsingin various GDI libraries. Part of the problem with this bug is thatvarious applications are supposed to ship their own versions of the GDIlibraries, which means you literally have to search your file system forvulnerable files to update. Then there is the issue of whether thethird-party application will even function correctly with the newer GDIlibrary.

Multiple vulnerabilities have been found in the Mozilla applicationsuite (Mozilla, Firefox and Thunderbird). Some of these bugs have beenreported before, but we thought we'd re-report the collected advisory.

Lastly, Corsaire released a large number of advisories relating to theimproper parsing of MIME documents by various products. The exact impactis product-specific, but improper MIME parsing can be exploited directly(buffer overflows, etc.) or indirectly (bypassing virus scanninggateways, creating malicious attachments, etc.). The slew of advisoriesare collected in this issue under a single entry with the title"Multiple vendors: various MIME interpretation problems."