Internet Explorer 0-day (take 2 of the last few days…)

Wednesday, September 20th, 2006

The last zero day (activeX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch [...]

DEP incompatibilities HP Deskjet 5550 printing blank pages

Monday, August 28th, 2006

I had a frustrating morning last week. I had setup a new pc, transferred data and gotten everything in fairly nice shape. I had got the old printer attached and setup (HP Deskjet 5550). In fact I had done a test page through the printers software at the end of the install process (Some sort [...]

Exploit Prevention in software

Monday, May 15th, 2006

There’s been a lot of talk about hardware enforced DEP as a mitigating factor in some of the exploits in the last six months. There’s also a new software product that can limit the impact of zero-day exploits. The software is for windows and is called SocketShield. Suzi at Spyware Confidential has taken it for [...]

WMF exploit and DEP

Friday, December 30th, 2005

There’s a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above claims that there’s a lot of bad advice out about this exploit and that hardware DEP (Data execution prevention) doesn’t work to [...]

Lotus Notes WMF vulnerability

Friday, December 30th, 2005

This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What [...]

WMF 0-day exploit

Wednesday, December 28th, 2005

There seems to be a 0-day exploit involving WMF (Windows Meta File’s) according to SANS. Here’s their lead-in Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.    Send article as PDF   


Switch to our mobile site