Adobe Products PNG.8BI PNG File Handling Buffer Overflow


Description: Marsu has discovered a vulnerability in various Adobe Products, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG […]

Google pulls malicious sponsored links


Google has removed paid links that advertised seemingly legitimate Web sites but actually tried to install nefarious programs on PCs. The links were displayed as “sponsored links” after visitors entered specific queries into Google’s search service. Clicking the links would ultimately go to a legitimate site, but by way of another site that attempted a […]

Microsoft Security Bulletin Minor Revisions – April 27, 2007


Issued: April 27, 2007

Summary

The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details.

  * MS07-021
  * MS07-012

Bulletin Information:

MS07-021
  – Reason for Revision: Updated File Information Section for Windows XP Service Pack 2 and Windows Vista
  – Originally posted: April 10, 2007
  – Updated: April 26, 2007
  – […]

Symantec Products Information Disclosure and Buffer Overflow


Description: A vulnerability and a security issue have been reported in various Symantec products, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges. 1) Scheduled backups to remote network shares save login credentials for remote shares in the application directory with insecure permissions […]

E-mail harvesters hit with $1B anti-spam lawsuit


A $1 billion lawsuit filed today promises to open up a new front in the battle against spam: It targets not just spammers, but — for the first time — also those responsible for harvesting e-mail addresses on behalf of spammers. The lawsuit, filed in the U.S. District Court in Alexandria, Va., is one of […]

Schneier questions need for security industry


Outspoken author and security guru Bruce Schneier has questioned the very existence of the security industry, suggesting it merely indicates the willingness of other technology companies to ship insecure software and hardware. Speaking this week at Infosecurity Europe 2007, a leading trade show for the security industry, Schneier said, “the fact this show even exists […]

Cisco Security Advisory: Default Passwords in NetFlow Collection Engine


Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system. The upgrade to NFC version 6.0 is not […]

Storm Worm marries malware and spam


Spammers have decided to kill two birds with one spam: The stock-touting e-mail messages regularly sent out by spam-focused bot nets have started to include links to malicious code, according to a report published Wednesday by e-mail security firm MessageLabs. The criminal groups responsible for the spam appear to believe that recipients of the e-mail […]

Mozilla extends Firefox 1.5 support to mid-May


Mozilla Corp. yesterday extended support for its 17-month-old Firefox 1.5.0.x browser until mid-May, citing the need to roll out a patch that will automatically update users to the newer 2.0 version before it pulls the support plug. Even that date looks iffy, however, according to information posted to Mozilla development wikis. The company had earlier […]

Apple QuickTime Java Handling Unspecified Code Execution


Description: A vulnerability has been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an unspecified error within the Java handling in QuickTime. This can be exploited to execute arbitrary code when a user visits a malicious web site using a Java-enabled browser […]


© 2014 DP's Security Bits.