Adobe Acrobat Stack Exhaustion DoS Vulnerability

Adobe Acrobat is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.   Attackers can exploit this issue to cause the affected application to crash, effectively denying service. Arbitrary code execution may be possible, but has not been confirmed. Adobe Acrobat 9.1.1 is vulnerable; other versions may also be affected. NOTE: This BID was previously classified as a buffer-overflow. Further analysis reveals that it is a stack exhaustion, and code execution is unlikely. Vulnerable: Adobe Acrobat Reader 9.1.1 Adobe Acrobat 9.1.1 PoC is available http://www.securityfocus.com/bid/35148/discuss

Bing.com’s key areas and what it replaced/rebrand on Microsoft products?

Microsoft revealed the other day that Bing.com will be available next week (June 3 is the plan date to launch Bing).  If you are wondering what is Bing.com and what Microsoft products or services is replaced or rebrand by Bing: Bing.com is a new Decision Engine:  This means you can use Bing.com to search (like what Live.com, Google.com, Yahoo.com is offering).  The difference is Bing.com will hopefully provide people a search engine that focuses on the following areas: Making a purchase decision Planning a trip Researching a health condition Finding a local business The above four topics is the initial … Continue reading Bing.com’s key areas and what it replaced/rebrand on Microsoft products?

Zoller: Mozilla does not acknowledge DoS bugs

Thierry Zoller, a security researcher is not happy that Mozilla is not acknowledging Denial of Service bugs or security issues that are less critical. I am tired of seeing the security/patch statistics where one browser is compared to another. When Microsoft doesn’t patch a DoS bug for 6 month it negatively impacts the statistic, Mozilla doesn’t acknowledge DoS bugs nor to they officially issue advisories. Go to bugzilla, search a bit and draw you own conclusion, there are DoS bugs that are 3 years old that have not been patched. Are these included in the statistics – no. More at … Continue reading Zoller: Mozilla does not acknowledge DoS bugs

Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability

Linksys WAG54G2 router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with superuser privileges. This may facilitate a complete compromise of the affected device. Linksys WAG54G2 with firmware V1.00.10 is affected; other versions may also be vulnerable. Vulnerable:  Linksys Wireless-G ADSL2+ Gateway WAG54G2 1.0.10 (Firmware) http://www.securityfocus.com/bid/35142/discuss Vendor’s reaction / issue history The research was performed in early 2009. The vendor was notified on 18.03.09. Quick response (within one day) Quick confirmation of the issue (within few days). No fix till now … Continue reading Linksys WAG54G2 Web Management Console Remote Arbitrary Shell Command Injection Vulnerability

Mozilla Firefox ‘keygen’ HTML Tag DoS Vulnerability

Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to cause the browser to stop responding, thus denying service to legitimate users. Vulnerable:  Mozilla Firefox 3.0.10  http://www.securityfocus.com/bid/35132/discuss Disclosure timeline DD/MM/YYYY 14/12/2008 : Created bugzilla entry (security) with (the wrong) proof of concept file. 14/12/2008 : Attached the correct POC file (mea culpa) and a stack trace and details of memory corruption that repeatitly occured during testing the POC 24/12/2008 : dveditz@mozilla.com comments : "I can definitely confirm the denial of service aspect, and there’s a very minor memory leak (after 9 hours of CPU time … Continue reading Mozilla Firefox ‘keygen’ HTML Tag DoS Vulnerability

Massive ID fraud and cheque scam busted in NYC

A corporate identity theft ring that exploited the identities of local corporations, religious institutions, hospitals and even schools to run a cheque fraud scam has been busted in New York. Investigators reckon the gang of 18 suspects made millions by impersonating workers from an estimated 350 New York-based organizations. Data purchased from corrupt bank insiders was used to lay the groundwork for the scam, which relied on cashing thousands of counterfeit payroll cheques. The fraudsters also plundered the bank accounts of individual victims, using data obtained from corrupt bank insiders to transfer funds to banks under the control of the … Continue reading Massive ID fraud and cheque scam busted in NYC

Malware SPAM: United Parcel of America, UPSDOCS_IN987712001.zip

Another fake e-mail today with compressed malware, UPSDOCS_IN987712001.exe The fake message: Hello! We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct. Please print out the invoice copy attached and collect the package at our office. Your United Parcel Service of America Not even half of popular malware scanners have detection on this malware so watch-out for your emails. Delete them using Mailwasher (free version is available at mailwasher.net) or enable your spam filtering tool: http://www.virustotal.com/analisis/a23dd903f1a37330da1fe420d1da73fba019a604ed09f996d309bef059d1f94c-1243604156

Windows Vista Application Compatibility List updated

Find out if your application is compatible with Windows Vista since Microsoft released Service Pack 2 for Vista. Download Vista Application Compatibility List document at http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9df23606-7276-4ce2-8993-143e101ddbcd

Increasing Your Organization’s Security and Privacy with Internet Explorer 8

Guidance for Enhancing Internet Explorer Security for Desktop Users Learn about the emerging threat types on the web today and how Internet Explorer 8’s new security features help protect against them. The Web browser is the main interface a company’s users have to the web. As such it is constantly under attack. Internet Explorer 8 provides significant new security protections that can help companies protect their valuable information and reduce costs. This paper provides an overview of the new threat types and how Internet Explorer 8’s new security features help protect against them. Download the guide (in PDF format) at … Continue reading Increasing Your Organization’s Security and Privacy with Internet Explorer 8

Sun released new build 14 of Sun Java RE 6

The release is Windows 7 support-ready and includes support for Internet Explorer 8, Windows Server 2008 SP2, and Windows Vista SP2. New features include the G1 garbage collector, plus performance and security enhancements http://java.sun.com/javase/6/webnotes/6u14.html Download: http://java.sun.com/javase/downloads/index.jsp http://www.java.com/en/download/manual.jsp?locale=en&host=www.java.com:80 http://www.java.com/en/download/index.jsp