Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability;Apple released security fixes

Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers may exploit this issue by convincing victims into visiting a malicious website. Exploiting this issue may allow remote attackers to capture images rendered locally on screen that may contain sensitive information. Vulnerable:  Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 Solution: Install Security Update 2006-008 update, see  

How Vista Enables Windows Aero – New Document Available

Windows Aero is Vista’s new user interface and is based on desktop composition which is the process where each window and the desktop background is drawn separately and then composed by using the 3‑D graphics engine to create the desktop image a user sees. Vista’s process for automatically enabling Aero is relatively involved, and to date, the process hasn’t been very clear. But now that Vista is out the door – I’ve had time to catch up on my to-do list which includes writing a white paper describing the process. I’ve also included a trouble shooting guide.  You can find … Continue reading How Vista Enables Windows Aero – New Document Available

Microsoft Security Bulletin Revised: MS06-078

MS06-078 – Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) Revisions: V2.0 (December 19, 2006): Bulletin updated has been revised and re-released for the Korean only package on Microsoft Windows Media Runtime Format 7.1 and 9.0 Series Runtime on Windows 2000 Service Pack 4 to address the issues identified in Microsoft Knowledge Base Article 923689. Additional clarity around file versions in the “I’ve installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed?” in the “Frequently Asked Questions (FAQ) Related to this Security Update” section.

Mozilla Foundation Security Advisories (Dec. 19, 2006)

MFSA 2006-76 XSS using outer window’s Function objectMFSA 2006-75 RSS Feed-preview referrer leakMFSA 2006-74 Mail header processing heap overflowsMFSA 2006-73 Mozilla SVG Processing Remote Code ExecutionMFSA 2006-72 XSS by setting img.src to javascript: URIMFSA 2006-71 LiveConnect crash finalizing JS objectsMFSA 2006-70 Privilege escallation using watch pointMFSA 2006-69 CSS cursor image buffer overflow (Windows only)MFSA 2006-68 Crashes with evidence of memory corruption (rv: on the above advisories at: Security Alerts & Announcements: Security Update (December 19, 2006): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these udpates as soon as possible. … Continue reading Mozilla Foundation Security Advisories (Dec. 19, 2006)

Coming in January: "Month of Apple Bugs"

A security researcher has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple’s OS X operating system or in Apple applications that run on top of it. The “Month of Apple Bugs” project, currently slated to begin on Jan. 1, is being orchestrated by a security researcher who asked to be identified only by his online alias “LMH.” This is the same researcher who in November ran the “Month of Kernel Bugs” project. LMH said that while his upcoming project had the potential to … Continue reading Coming in January: "Month of Apple Bugs"

Winamp Web Interface Multiple Vulnerabilities

Winamp Web Interface (Wawi) is “a nice open source plugin for Winamp which allows the remote administration of the media player through any web browser”. The Winamp Web Interface, WAWI for short, has been found to contain multiple vulnerabilities that would allow a remote attacker to overflow the internal buffers used by the product and cause it to read arbitrary file and display them. Vulnerable Systems: * Winamp Web Interface version 7.5.13 and prior

Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition

Breno Silva Pinto has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a race condition when W29N51.SYS handles multiple beacon frames. This can be exploited to overwrite certain kernel memory structures via sending multiple specially crafted beacon frames to the wireless card. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version Other versions may also be affected. Solution: Turn off the wireless card when not in use.

Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service A vulnerability was reported in Microsoft Outlook. A remote user can cause denial of service conditions. A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a Microsoft Outlook ActiveX component (Outlook Recipient Control) and cause Internet Explorer to hang. shinnai reported this vulnerability. The original advisory and a demonstration exploit is available at: Impact:  A remote user can create HTML that, when loaded by the target user, will cause Internet Explorer to hang.Solution:  No solution was available at the time of this entry.

Vista and the Future of OS Security

Microsoft has a lot riding on its new security features in Vista, according to Ed Moyle, a security services manager at CTG. However, he does not think that tighter security will necessarily make Vista a less appealing target for attackers. Instead, he expects Vista to be the top target for attackers going forward. More in

Microsoft reaches massive settlement over software copying

Microsoft has claimed an important victory in its battle against software “piracy”, after securing a multi-mission dollar settlement against one of its own, trusted disk “replicators” which had produced 20,000 unauthorised copies of Microsoft Exchange and SQL Server. Microsoft released no details of exactly how much money it had recouped from the MPO Group, a company that replicates DVDs and CDs in France, Spain, Thailand and Ireland. The setttlement was reached following an investigation into the group’s disc manufacturing facility in Thailand. This operation, which took over a year, revealed that the pirating had been done by a third-party company … Continue reading Microsoft reaches massive settlement over software copying