Users of Wing FTP Server versions v3.1.2 or earlier are strongly advised to update their software. In recent investigations, TrendLabs’ vulnerability research group found a vulnerability in these versions that can be used to crash users’ FTP servers.
Go here to see the original:
Trend Micro Discovers Wing FTP Server PORT Command DoS Bug
We have confirmed that attacks exploiting the vulnerability (CVE-2010-1297) that Adobe announced in its security advisory are in the wild.
A new exploit has been found in the Japanese word processor Ichitaro. JP-RTL engineers have received a sample Ichitaro document, which is capable of exploiting the previously unknown vulnerability
Go here to read the rest:
Another Vulnerability Discovered in Ichitaro
Microsoft released two critical security advisories as part of its May Patch Tuesday.
Visit link:
Microsoft and Adobe Release Fixes in May Patch Tuesday
.PDF files, or their inherent features, have been used by cybercriminals in some of the most noteworthy attacks we have encountered.
Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway
See the original post:
New IE Zero-Day Exploit (CVE-2010-0806)
Microsoft schedules its security updates on the second Tuesday of the month. Adobe recently began following this schedule as well, and while there are no Adobe updates today, there was an out-of-cycle security update two weeks ago.
Originally posted here:
PDF Based Targeted Attacks are Increasing
Another Proof-of-Concept (POC) Revealed
The changing threat landscape has brought about more sophisticated Web threats, and left the online population clamoring for better security features in the systems and applications that they use. This has pushed Microsoft to develop security mechanisms within its applications like Windows’ Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR). Both DEP and ASLR are security mechanisms that Microsoft included in its latest Windows releases starting with XP SP2 and Vista, respectively, which should ideally protect systems from being attacked by exploit code.
Excerpt from:
New Exploit Bypasses DEP
Asking for help in Windows could lead to more trouble. A newly discovered vulnerability in Internet Explorer (IE) leverages the ability of a Visual Basic script to invoke a .HLP (Windows Help file format) file, which could give a remote attacker the ability to run arbitrary code on an affected system. Visual Basic uses the following syntax to call the MsgBox function, which is used to display message boxes:
MsgBox(prompt[,buttons][,title][,helpfile,context])
However, if a specially crafted .HLP file passes as a variable, remote users would be able to run arbitrary code on an affected system
View original post here:
Calling Windows for Help May Lead to Vulnerability
Within days of Adobe’s release of out-of-band security updates for both Acrobat and Reader, word now comes from security researcher Aviv Raff of another new vulnerability in an Adobe product. The flaw was found in Adobe Download Manager (DLM), an application Adobe uses to deliver common applications (e.g., Flash and Reader) to users’ systems.
View original post here:
New Adobe Download Manager Bug