Just a quick alert about an email from Google warning of vulnerabilities in some DoubleClick publishers. This has been sent to all website owners who use DoubleClick in any form.

However this will ONLY affect website owners who use DoubleClick as a stand alone service to display adverts. It does not affect website owners who use Google AdSense to display adverts and have enabled the additional options to also use DoubleClick as a method of advertising in the allowed advertisers section of your Google AdSense settings page.

The email reads:

Dear Customer,
We’ve identified certain vendor files that may contain XSS vulnerabilities which could pose a security risk. Please check if you are hosting these files and remove them with the help of your webmaster. These are the currently identified third-party vendor files:

1. adform/IFrameManager.html

2. admotion/afa-iframe.htm

3. bonzai/bonzaiBuster.html

4. exponential/buster.html

5. eyeblaster/addineyeV2.html

6. eyewonder/interim.html

7. flashtalking/ftlocal.html

8. ipinyou/py_buster.html

9. jivox/jivoxibuster.html

10. mediaplex/mojofb_v9.html

11. mixpo/framebust.html

12. predicta/predicta_bf.html

13. rockabox/rockabox_buster.html

14. liquidus/iframeX.htm

15. controbox/iframebuster.html

16. spongecell/spongecell-spongecellbuster.html

17. unicast/unicastIFD.html

18. adrime/adrime_burst.2.0.0.htm

19. revjet/revjet_buster.html

20. kpsule/iframebuster.html

We have disabled these vendors where possible for all DoubleClick for Publishers and DoubleClick Ad Exchange customers. However, any of the mentioned files hosted on your site may still pose a risk and should be taken down. We will notify you as we learn more.

For more information please refer to this Help Center article.

Regards,

The DoubleClick for Publishers and DoubleClick Ad Exchange Teams