A remote code execution vulnerability exists within Microsoft Excel which may allow for a remote attacker to execute arbitrary code under the context of the logged in user.
exploit
Category: vulnerabilities | Posted by Staff 302 days ago | Via: http://research.eeye.com
Category: blogs | Posted by Staff 298 days ago | Via: http://blog.washingtonpost.com
Security Fix has learned that at least one of the security holes in the popular Adobe Reader application that was quietly patched by Adobe this week is actively being exploited to break into Microsoft Windows computers. On Wednesday, we alerted readers that Adobe had pushed out a patch to plug unspecified security holes in its ubiquitous and free Acrobat Reader program. According to information released Friday by iDefense, a unit of Verisign, Web site administrators...
Category: vulnerabilities | Posted by Staff 295 days ago | Via: http://www.symantec.com
On November 25, we blogged about a proof of concept exploit code for Apple's QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability being disclosed to the public. Now a week has passed and Symantec's DeepSight honeynet has spotted at least one active exploitation in the wild.
Originally, the flaw was disclosed on November 23, 2007 by Polish security researcher Krystian Kloskowski and since then we have seen a number of exploits targeting the vulnerability being released to the publ
Category: vulnerabilities | Posted by Staff 295 days ago | Via: http://www.symantec.com
Four days after news of the recent Apple QuickTime vulnerability began to spread, a new proof-of-concept exploit, with a twist, has been published. While the shell code in the previous exploit was contained within a malicious RTSP data stream, this time the shell code is sent via JavaScript, separate from the stream.
Let’s break down how this might play out. A client requests a Web page from a malicious site. The page that is sent contains malicious shell code and a request for a QuickTime movie. If the
Category: vulnerabilities | Posted by Staff 295 days ago | Via: http://www.symantec.com
Proof of concept exploit code for a newly discovered vulnerability in Apple's QuickTime player has been made available to the public today. The vulnerability (Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability) was first reported on November 23rd by Polish security researcher Krystian Kloskowski.
The publicly released exploit works successfully when tested with the latest stand-alone QuickTime player application version 7.3. It does not seem to execute any shellcode
Category: vulnerabilities | Posted by Staff 295 days ago | Via: http://www.symantec.com
Symantec Security Response has observed web based exploit attacks using a previously unknown vulnerability in the Xunlei Thunder PPlayer ActiveX control. This is a component of the Chinese download accelerator and file-sharing application, Xunlei Thunder 5.7.4 401.
The attack originates from a server on the 522love.cn domain. If a user navigates to the site, a Web page hosted on the site employs a client detection technique to determine the appropriate exploit code that should be sent back to the requesti
Category: vulnerabilities | Posted by Staff 286 days ago | Via: http://www.symantec.com
How many of us click on the links sent to us by trusted friends? Does the trust implicitly extend to the links they are sending? This trust is precisely what phishers take advantage of. Traditionally phishers have mainly used instant messaging (IM) and email to take advantage of the average user. However, with the rise in social networking sites the phishers have bought themselves a brand new playing field.
Symantec has recently observed millions of user profiles of a certain social networking site carryi
Category: news | Posted by Staff 279 days ago | Via: http://lists.jammed.com
http://www.informationweek.com/news/showArticle.jhtml?articleID=206900323
By Thomas Claburn
InformationWeek
February 26, 2008

The most recent version of Apple's Mac OS X (10.5.2) appears to contain a security vulnerability that could allow an attacker to crash computers on a local or remote network.

Security researcher Neil Kettle of Digit-labs.org on Tuesday posted a proof-of-concept exploit that takes advantage of a flaw in the way Apple implements IPv6 support.

Most networks use the IPv4 networking protocol;
Category: blogs | Posted by Staff 261 days ago | Via: http://www.symantec.com
As reported in the February State of Spam report, we have observed spammers disguising themselves as the IRS and dangling an offer of a tax refund to unwitting recipients. That is, a refund made available once you input your credit card information into their site. A site that does not bear the IRS URL. A site that is fraudulent and nothing more than a collection tool for credit card and other personal information. And while we are still seeing this, we have recently observed a few new types of spam in rel
Category: blogs | Posted by Staff 252 days ago | Via: http://www.symantec.com
Sometime over the recent Easter weekend, an update to the Neosploit Web attack toolkit showed up on DeepSight honeypots. The new Neosploit version is being served mainly from traffic exchange sites, but some mainstream sites, such as those for restaurants, were also serving up the infectious content.
The main addition that was found in the new iteration of Neosploit is the addition of an exploit for the CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability. There is no pat
Category: news | Posted by Staff 247 days ago | Via: http://www.infoworld.com
Attack code that targets a recently patched vulnerability in Microsoft's Office suite has gone public, a security company said Monday as it urged users to update immediately.

