New MS IE6/IE7 zero-day vulnerability

Microsoft has released an advisory regarding a new zero-day IE6 and IE7 vulnerability: http://www.microsoft.com/technet/security/advisory/981374.mspx eSafe will be able to detect the exploit from SV140, which is scheduled to be released today. Detection name: JS.CVE-2010-0806. More information will be published later on. AIRC Blog

Microsoft confirms new Windows zero-day bug

Computerworld – Microsoft today confirmed an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug. A patch is under construction, but Microsoft does not plan to issue an emergency, or “out-of-band,” update to fix the flaw. The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool

Zero-day Flash bugs squashed by Adobe

Adobe has issued a security update for its widely-used Flash software, protecting against a number of critical security vulnerabilities that could be exploited by malicious hackers. In a security bulletin published on its website, Adobe recommends that users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. In addition, the firm says that they expect to make

Internet Explorer users warned of new zero-day attacks

Microsoft has warned users of all supported versions of the Internet Explorer browser that an unpatched vulnerability exists in the product that is being actively exploited by malicious hackers in targeted attacks. The zero-day vulnerability, described in a Microsoft security advisory, allows cybercriminals to execute code on remote users’ computers without their permission. In other words, simply clicking on a link

New IE Zero-Day used in Targeted Attacks

Things have been pretty rough in the Response world the past few weeks. The number of exploits taking advantage of unknown and unpatched vulnerabilities has been breathtaking. One such case started a few days ago when we received information about a possible exploitation using older versions of Internet Explorer as targets. Hackers had sent emails to a select group of individuals within targeted organizations. Within the email, the perpetrators added a link

New Zero-Day Attack in Adobe Products (CVE-2010-3654)

Back in June, Adobe released a security advisory and a product update about a critical flaw affecting Flash Player versions and a vulnerable component, authplay.dll, of Adobe Reader and Acrobat that was exploited in the wild, APSA10-01. Yesterday, Adobe released another security advisory, APSA10-05, alerting users about the same critical flaw affecting Flash Player versions and a… CA Community

Firefox Patch for Zero-Day Vulnerability Issued

Mozilla have published an update for their Firefox browser that fixes a critical security issue that could potentially allow remote code execution. Users are strongly recommended to update to the latest version. To update manually, select ‘Check for Updates’ from the Help menu, then click on “Check for Updates”. More information about the updates is available here. Fast turnaround

Limited Firefox Zero-Day Attack in the Wild

Earlier today, Mozilla confirmed on its blog that an unpatched vulnerability exists in Firefox 3.5 and 3.6. Unfortunately, code exploiting the vulnerability is out in the wild. It has been reported that the website for the Nobel Peace Prize was compromised to host the exploit code. Symantec detects the malicious file that is dropped to the %Windir%\Temp folder when the exploit code is successfully

Stuxnet Using Three Additional Zero-Day Vulnerabilities

Our continued analysis of W32.Stuxnet has revealed a total of four zero-day vulnerabilities being used by the threat. We have already discussed the .lnk file vulnerability that Stuxnet uses to spread through USB drives here. Further investigations have revealed that Stuxnet uses one additional remote code execution vulnerability as well as two local privilege escalation vulnerabilities. We reported these vulnerabilities to Microsoft and today Microsoft has released a patch for the Print

Adobe PDF Zero-Day Exploit Discovered in the Wild

Just after Adobe released their Out of Band patch for CVE-2010-2862, we discovered malware exploiting a new 0-day vulnerability in the wild. Similar to the iOS PDF jailbreak vulnerability and CVE-2010-2862, this 0-day vulnerability also occurs while Adobe Reader is parsing TrueType Fonts. We’ve analyzed and confirmed that the vulnerability affects the latest Adobe Reader (v9.3.4). This 0-day vulnerability is a typical stack buffer

Microsoft Zero-Day: Malformed Shortcut Vulnerability

Today Microsoft updated the security advisory that was initially published last Friday (July 16), stating that they’re working on issuing a security patch for this vulnerability. Earlier, malware exploiting this issue was found in the wild. Researchers at McAfee Labs have been busy tracking this issue over the weekend and we have come up with some more quick Q&A’s. 1. What

Apply Workaround for Windows Zero-Day Flaw

Since the weekend, a so-called zero-day vulnerability has been publicly known in all supported (and even in the now unsupported) Windows operating systems. Just browsing to a folder with a manipulated .lnk file – a shortcut to a program, document or a file in general – with Windows Explorer may lead to full system compromise. Microsoft has released a security advisory on the issue and updated it now to state that

Code for Shortcut Zero-Day Exploit is Public

If you’re not following Mikko’s Twitter feed, you may have missed yesterday’s news that public proof of concept exploit code for the Windows shortcut (.lnk) vulnerability has been released on exploit-db.com. This further escalates the danger of the shortcut vulnerability. So far, only the authors of the Stuxnet rootkit have utilized the flaw, but now there’s

Zero-Day Vulnerability in Windows Shell

Microsoft has released Security Advisory 2286198, which provides details on the LNK shortcut (Windows Shell) vulnerability that’s currently being exploited by the Stuxnet rootkit. The news is not good. Besides USB devices, the Windows Shell vulnerability can also be exploited via Windows file shares and WebDav. All versions of Windows are affected: Vulnerable versions include Windows XP Service Pack 2 which is not listed by the

A Zero-day Connection

While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability (BID 40586), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability (BID 38615) targeted attacks from

Analysis of a Zero-day Exploit for Adobe Flash and Reader

Last weekend, we warned our customers about a Zero-day exploit targeting Adobe Flash and Reader in the wild. The corresponding BID can be seen here. We have updated our antivirus definitions in order to detect this new threat as Trojan.Pidief.J, and we have done an analysis of this new exploit to understand how it works. At first glance, the PDF document looks suspicious: it contains a

Zero-day Attack in the Wild for Adobe Flash, Reader, and Acrobat

We have confirmed that the attacks that exploit the vulnerability (CVE-2010-1297) that Adobe announced in its security advisory are in the wild. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX. Adobe has categorized this as 'critical', which is the highest

Zero-Day Attack in Adobe Products (CVE-2010-1297)

Last week, Adobe released a security advisory, APSA10-01, alerting users about a critical flaw affecting Flash Player versions and a vulnerable component, authplay.dll, of Adobe Reader and Acrobat. The vulnerability (CVE-2010-1297) causes the application to crash and could be used to run arbitrary code. This means that the malicious files could be downloaded or dropped on the affected… CA Community

Zero-Day Acrobat Exploit – In The Wild

Adobe released a security advisory and announced a zero-day exploit found in specific Adobe Flash Player versions. The vulnerability (CVE-2010-1297) could be used to run arbitrary code. This means that the malicious files could be downloaded or dropped on the affected system. During our daily research we found some malicious PDF files which are exploiting this vulnerability to spread malicious files. All versions of Flash