Tag: vulnerability

  • Kaspersky fixes serious vulnerability in Online Scanner

    Exploitable ActiveX control replaced in new version. Kaspersky Lab has released an updated version of its popular free online scanner to remedy a vulnerability in an ActiveX control used by the scanning system. The format string flaw, in the ‘kavwebscan’ ActiveX control, could be exploited by a malicious web page to cause a buffer overflow…

  • Word for Mac exploit spotted

    Patch Tuesday flaw targeted by vulnerability. A vulnerability in the Apple Mac version of Microsoft Word, covered by a patch in this month’s Patch Tuesday security update, has been the subject of an attempted exploit seen by researchers at Symantec. The exploit document was observed to crash most versions of Word on Windows,…

  • 4 out of 5 critical issues fixed on Patch Tuesday

    Expected patch omitted from monthly security update. Microsoft has announced the contents of its monthly ‘Patch Tuesday’ security update release, with four ‘Critical’ and two ‘Important’ fixes pushed out to users of its operating systems and software. A fifth issue, labelled ‘Critical’ in the advance notification released last week, remains open as the expected patch…

  • Adobe acknowledges PDF flaw, issues workaround

    Registry hack provides temporary fix for vulnerability. Adobe has officially confirmed the vulnerability announced last month by researcher Petko Petkov, which could allow maliciously crafted PDF files to breach security and compromise systems. Limited details of the flaw were made public and led to widespread concern over the security of the widely used document format.…

  • Sun patches serious Java flaws

    Critical vulnerabilities covered by urgent patches. Sun Microsystems has issued a series of patches to fix several vulnerabilities in its popular Java software. Successful exploitation of the flaws could allow remote access to systems and data. The string of flaws affects various versions of Java Runtime Environment (JRE), Java Web Start and other…

  • Alarm over possible PDF flaw

    Vulnerability announcement hyped to disaster level. The announcement of a potentially serious vulnerability in the ubiquitous Adobe PDF document format sparked considerable media attention last month, in some cases hyped to the level of a major disaster waiting to happen. The vulnerability was found by researcher Petko Petkov and was announced in a blog entry.…

  • Vulnerabilities closed in OpenOffice, StarOffice

    Flaws patched in TIFF parsing code. Security researchers at iDefense revealed last week that OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in email attachments, published on websites or shared using peer-to-peer software. According to iDefense, ‘When parsing the TIFF directory entries for certain tags,…

  • Quiet Patch Tuesday

    Four flaws fixed in minimal security update. Microsoft’s monthly ‘Patch Tuesday’ release of security updates for Windows and other software has been fairly quiet this month – with four patches released, only one of which is labelled ‘Critical’. The most serious issue is a vulnerability in the Microsoft Agent usability tool, which could be…

  • Yahoo!-owned ad firm serves up trojans

    Infectious flash adverts displayed on major sites. Advertising supplied by ad firm Right Media, a company bought out by web giant Yahoo! earlier this year after an initial investment in October 2006, has been serving up ads which use exploits to drop malware onto vulnerable systems. The ads are thought to have appeared on…

  • Minor flaws patched in Sophos AV

    Security vulnerabilities found and fixed. Two separate flaws have been reported in Sophos’s anti-virus engine, affecting most of its product range and allowing security bypass and possible cross-site scripting. The more serious flaw, which involves passing possibly dangerous content into the product’s log file via a specially crafted filename, is labelled ‘Moderately Critical’ by…