News
Contributed by: Lauren Gerber
Date: August 13, 2009
If you are looking for a tool that helps you set up a wonderful support platform, have a look at this one. Apparently Kayako SupportSuite caters to exactly those needs. SupportSuite provides users with many features, and if you would like to experience the benefits for yourself, you can try their instant-access trial version.
What I have mentioned is all well and good, but it is also important to be aware of the current vulnerability within SupportSuite. The vulnerability reported in SupportSuite can be exploited by malicious online attackers to perform cross-site scripting attacks. If these malicious users manage to execute the attacks, they will be able to gain access to your confidential information by bypassing important access controls. While these exploits are taking place, everything will appear perfectly normal on the user's side, but in fact it is far from perfect.
The vulnerability is due to the fact that input passed through the subject of a ticket is not properly sanitized before being used. This creates the risk of online attackers exploiting the issue to insert arbitrary HTML and script code. This code is executed in a user's browser session when the malicious data is viewed on the affected site.
SupportSuite may be used with the majority of operating systems, including Windows 95. Some of the files of Windows 95 include a2560.sys, ANCIENT.EXE, crystal.inf and CHANGECP.EXE.
You may be wondering how this vulnerability has been rated in the grand scheme of vulnerability ratings. Luckily, it has only been reported as moderately critical; this does not mean that SupportSuite users can simply ignore it, though. The vulnerability was found in SupportSuite version 3.50.06, and it is vital for users to know that other versions may also be affected. The good news is that there is a solution, which is for all users to update to version 3.60.04.
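The flaw described above, a ticket subject placed into a page without output encoding, shown beside the corrected pattern and a regression check. This is an added Python example, not SupportSuite's code; the ticket data, row template and function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample tickets; ticket 102 carries markup in its subject,
# standing in for the unsanitized subject field the article describes.
SAMPLE_TICKETS = [
    {"id": 101, "subject": "Cannot log in after password reset"},
    {"id": 102, "subject": "Printer <b>offline</b> <script>alert(1)</script>"},
    {"id": 103, "subject": 'Invoice "Q3" & refund'},
]
ROW = "<tr><td>%d</td><td>%s</td></tr>"   # hypothetical ticket-list row
EXPECTED_TAGS = {"tr", "td"}              # the only tags the template emits

def render_row_unsafe(ticket):
    """Flawed pattern: the subject is placed into the page as-is."""
    return ROW % (ticket["id"], ticket["subject"])

def render_row_escaped(ticket):
    """Corrected pattern: HTML-encode the subject at output time."""
    return ROW % (ticket["id"], html.escape(ticket["subject"], quote=True))

class TagCollector(HTMLParser):
    """Records the tags and text a parser actually sees in a rendered row."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def parse(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)

def leaking_ticket_ids(render):
    """Ids of tickets whose subject added tags beyond the row template."""
    return [t["id"] for t in SAMPLE_TICKETS
            if set(parse(render(t))[0]) - EXPECTED_TAGS]

if __name__ == "__main__":
    print("unsafe :", leaking_ticket_ids(render_row_unsafe))
    print("escaped:", leaking_ticket_ids(render_row_escaped))
    print("shown  :", parse(render_row_escaped(SAMPLE_TICKETS[1]))[1])
```

With encoding applied at output, the subject still displays exactly as the customer typed it, but the parser sees it as text rather than as tags.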
It is for you to decide: would you rather be a victim of cross-site scripting attacks and run the risk of being a victim of identity theft and financial loss, or would you rather take the time and effort to apply the relevant updates? I will leave you with that choice; whatever you decide, I hope you decide well.