Heres some news you can use...

TABLE OF CONTENTS:

{02.20.003} Win - Update {02.19.012}: (uw-)imapd BODY command overflow
{02.20.013} Win - MS02-023: May 2002 Cumulative Patch for Internet
Explorer
{02.20.014} Win - PGP interacts with Windows EFS to expose files
{02.20.026} Win - Hosting Controller CGI file manipulation and browsing
{02.20.027} Win - IMail LDAP service 'bind DN' overflow


- --- Windows News
-------------------------------------------------------

*** {02.20.003} Win - Update {02.19.012}: (uw-)imapd BODY command
overflow

Caldera released updated imapd packages, which fix the vulnerability
discussed in {02.19.012} ("uw-imapd BODY command overflow").

Updated RPMs are listed at:
http://archives.neohapsis.com/archiv...2-q2/0013.html

Source: Caldera
http://archives.neohapsis.com/archiv...2-q2/0013.html

*** {02.20.013} Win - MS02-023: May 2002 Cumulative Patch for Internet
Explorer

Microsoft released MS02-023 ("May 2002 Cumulative Patch for
Internet Explorer"). This cumulative patch fixes six new security
vulnerabilities in Internet Explorer, including the ability to
execute arbitrary applications, local file reading, cookie reading
and a local cross-site scripting vulnerability.

FAQ and patch:
http://www.microsoft.com/technet/sec...n/MS02-023.asp

Source: Microsoft
http://archives.neohapsis.com/archiv...2-q2/0033.html

*** {02.20.014} Win - PGP interacts with Windows EFS to expose files

PGP version 7.0.3 includes an option to "wipe deleted files." If
enabled, this option interacts with Windows EFS (Encrypted File System)
in a manner that could leave unencrypted copies of EFS-protected
files laying around.

NAI confirmed this vulnerability and released a hot fix, which is
available at:
http://www.nai.com/naicommon/downloa...ades-patch.asp

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-05/0052.html

*** {02.20.026} Win - Hosting Controller CGI file manipulation and
browsing

The Hosting Controller ASP CGI suite contains bugs that allow users of
the hosting controller software to view and overtake files on the local
system by submitting various malformed URL requests to the CGI pages.

These vulnerabilities are not confirmed.

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-05/0142.html
http://archives.neohapsis.com/archiv...2-05/0168.html

*** {02.20.027} Win - IMail LDAP service 'bind DN' overflow

IpSwitch IMail versions 7.1 and prior reportedly contain a buffer
overflow in the handling of the 'bind DN' parameter passed to the
internal LDAP service, thereby allowing a remote attacker to execute
arbitrary code with local system privileges.

This vulnerability is confirmed; a vendor patch is available at:
http://www.ipswitch.com/Support/IMai...-upgrades.html

Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archiv...2-05/0172.html