Archive for the 'Security-Vulnerabilities' Category


Firefox code under the microscope

Friday, September 8th, 2006

So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true severity of the flaws, you […]

System patching 0-days and ancient-day vulnerabilities

Tuesday, September 5th, 2006

There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been […]

Another Internet Explorer Exploit (September 2006)

Friday, September 1st, 2006

A new Internet Explorer bug was published on Monday. It’s been given a CVE (2006-4446) and affects IE 6.0 SP1. It’s worth considering alternative browsers. Details from bugtraq indicate that it’s a buffer overflow in the DirectAnimation.PathControl COM Object(daxctle.ocx)… could cause DoS and possibly remote code execution.    Send article as PDF   

Sun java update process vulnerable

Wednesday, August 30th, 2006

The Java Runtime Environment from Sun has a vulnerability that’s due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a specially designed website could specifiy […]

Sendmail DoS vulnerability

Wednesday, August 30th, 2006

I’ve got to admit, I hadn’t caught the notice of this until it was at incidents.org. I don’t currently administer sendmail on any machines, but…. Sendmail released version 8.13.8 on August 9th to address several issues (including a DoS vulnerability). It was possible for a specially crafted email to trigger the problem.    Send article […]

Wireshark, various vulnerabilities disclosed

Thursday, August 24th, 2006

There used to be a tool called ethereal and then it changed it’s name to wireshark. Today a number of security vulnerabilities were disclosed. A new version is available and workarounds. Please upgrade if at all possible.    Send article as PDF   

More Microsoft Patch problems MS06-042

Tuesday, August 22nd, 2006

This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed http 1.1 web pages on WinXP SP1 or Windows 2000 SP4…. as stated in Microsoft’s bulletins, this could also lead to a buffer […]

Powerpoint vulnerability (August 2006)

Tuesday, August 22nd, 2006

I’m having to make sure I put the date in the title of these posts now…. over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using powerpoint files. And by the 20th (Sunday) it was being called a 0-day. There is a good FAQ […]

Mac Wireless driver Security vulnerability revisited

Friday, August 18th, 2006

A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included the MacBook native drivers (among […]

Other MS patch news as well as a Yahoo vulnerability?

Monday, August 14th, 2006

Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch day from Microsoft. From MS… “this is a DoS only issue that was not addressed in MS06-040, but will be addressed […]

Google
 
Web www.averyjparker.com