Internet Explorer 8 0-Day Update CVE-2013-1347

Microsoft has confirmed a bug in Internet Explorer 8, CVE-2013-1347, which exposes user machines to remote code execution. In an advisory, Microsoft says the vulnerability “exists in the way that Internet Explorer [accesses] an object in memory that has been deleted or has not been properly allocated.” That, in turn, opens the door to memory corruption and remote code execution in the current user context. According to this blog post by Eric Roman: “A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the document and used again during rendering, an invalid memory that’s controllable is used, and allows arbitrary code execution under the context of the user....

May 6, 2013 · 2 min · 225 words · Omid Farhang
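Added example, not from the original post and not from Microsoft's advisory or Eric Roman's analysis: the pattern the advisory describes (an object freed while the document still keeps a reference to it, then used again during rendering) modelled in C, with the raw-pointer ownership that produces the dangling reference beside a reference-counted version in which the last holder frees the object. The element_t and doc_t types, the function names and the liveness table (a stand-in for an allocator with quarantine, such as ASan, so the dangling use is detected rather than dereferenced) are all invented for the illustration.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 8

typedef struct element {
    int  refcount;          /* used by the hardened path only */
    char tag[16];
} element_t;

typedef struct document {
    element_t *child;       /* the "reference kept on the document" */
} doc_t;

/* Liveness table: stands in for an allocator with quarantine (what ASan
 * gives you). It lets the demo detect a dangling use instead of
 * dereferencing freed memory, which would be undefined behaviour. */
static element_t *live[MAX_LIVE];

element_t *element_new(const char *tag) {
    element_t *e = calloc(1, sizeof *e);
    if (!e) return NULL;
    strncpy(e->tag, tag, sizeof e->tag - 1);
    e->refcount = 1;        /* creator holds the first reference */
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = e; break; }
    return e;
}

int is_live(const element_t *e) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == e) return 1;
    return 0;
}

static void element_destroy(element_t *e) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == e) live[i] = NULL;
    free(e);
}

/* Returns the tag length, or -1 where the real code would dereference
 * freed memory whose contents the attacker can influence. */
int render(const doc_t *doc) {
    if (!doc->child) return 0;
    if (!is_live(doc->child)) return -1;     /* use-after-free */
    return (int)strlen(doc->child->tag);
}

/* ---- vulnerable ownership: script deletion frees outright ---------- */

/* Ignores that doc->child still points at the element. */
void delete_element_unsafe(element_t *e) { element_destroy(e); }

/* ---- hardened ownership: every holder owns a reference ------------- */

void element_retain(element_t *e) { e->refcount++; }

/* Drops one reference; frees only when it was the last. Returns 1 if
 * the object was actually freed. */
int element_release(element_t *e) {
    if (--e->refcount > 0) return 0;
    element_destroy(e);
    return 1;
}

void doc_attach(doc_t *doc, element_t *e) {
    element_retain(e);
    doc->child = e;
}

int doc_detach(doc_t *doc) {
    element_t *e = doc->child;
    doc->child = NULL;
    return e ? element_release(e) : 0;
}

/* Freed while the document still pointed at it: render sees a dangling
 * reference and returns -1. */
int unsafe_sequence(void) {
    doc_t d = { 0 };
    element_t *a = element_new("div");
    d.child = a;                    /* raw pointer, no ownership */
    delete_element_unsafe(a);       /* freed behind the document's back */
    return render(&d);
}

/* Same flow with reference counting: the script's release does not free
 * the element because the document still holds a reference. Returns 1
 * when render still worked and the element was freed only on detach. */
int safe_sequence(void) {
    doc_t d = { 0 };
    element_t *b = element_new("div");
    doc_attach(&d, b);                      /* refcount 2 */
    int freed_early = element_release(b);   /* refcount 1, not freed */
    int rendered = render(&d);              /* 3, still live */
    int freed_late = doc_detach(&d);        /* refcount 0, freed now */
    return freed_early == 0 && rendered == 3 && freed_late == 1;
}
```

The -1 from `render` in `unsafe_sequence` marks the point where the real bug reads an object that has already been freed; in the browser the freed slot can be refilled with attacker-controlled data before the read happens, which is what turns the dangling reference into code execution. Reference counting is one standard remedy; nothing here claims it is how Microsoft fixed this particular bug.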

Duqu exploits previously unknown vulnerability in Windows kernel

The H-Online Security: Microsoft has confirmed a report from the Budapest-based Laboratory of Cryptography and System Security (CrySyS), which claimed that the Duqu bot spreads by exploiting a zero-day vulnerability in the Windows kernel. How it spreads had previously been unknown. CrySyS discovered the Windows vulnerability whilst analysing the installer. The bot, which anti-virus software firm Symantec believes is related to Stuxnet, infects target systems using a specially crafted Word file which injects the malware into the system using a kernel exploit....

November 3, 2011 · 2 min · 393 words · Omid Farhang

Zero-Day Vulnerability in Adobe Flash Player, Reader and Acrobat

Avira TechBlog: Adobe released a security advisory in which it warns of a zero-day vulnerability in the current versions of Adobe Flash Player, Reader and Acrobat. Affected are Flash Player 10.2.153.1 and earlier versions for Windows, Mac, Linux and Solaris, the version integrated in the Chrome web browser, and 10.2.156.12 and earlier versions for Android. The authplay.dll component of current and older versions of Adobe Acrobat and Reader is also affected; according to Adobe, the sandbox of Adobe Reader X prevents execution of malicious payloads though....

April 12, 2011 · 1 min · 156 words · Omid Farhang

Adobe update spam scam

Here’s the latest twist in the “membership” site scam: spam emails that tell potential victims to update their Adobe Reader include links to a web site intended to look like something related to Adobe products, but which is actually selling “memberships.” The REAL way to update your Adobe software is on the help menu: help | check for updates (see the end of this blog piece for details). The spam email: Notice that the graphic on the web page says “PDF Reader/Writer” and doesn’t mention Adobe, as the email (and the URL it contained) did:...

December 6, 2010 · 2 min · 304 words · Omid Farhang

Windows Vista & Windows 7 Kernel Bug Can Bypass UAC

Now this is not the first time Windows UAC has hit the news for being flawed: back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control, and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against Malware. A zero-day for Windows 7 back in July of this year also bypassed Windows UAC....

November 30, 2010 · 4 min · 744 words · Omid Farhang

Comment on Stuxnet and more Windows 0-days

Over the last few days, some news organizations have been saying that Stuxnet source code is available on the black market, and that clearly therefore there is an impending Internet Armageddon. This is patently silly, on a number of levels, but silly nonetheless. First thing is that I flat-out don’t believe Stuxnet source is available for sale on the black market or anywhere. Remember how often I say that if something sounds too good to be true, it’s not true?...

November 28, 2010 · 2 min · 331 words · Omid Farhang

Patchday ahead

The Redmond company today published its announcement for the upcoming November Patch Tuesday. Microsoft wants to release 3 security bulletins which deal with 11 security vulnerabilities in Office and PowerPoint (up to the brand new Office 2011 for Mac) and Forefront Unified Access Gateway. A patch for the recently discovered 0-day vulnerability in Internet Explorer is not on the list. Adobe meanwhile ships an update for the Flash Player to version 10....

November 6, 2010 · 2 min · 269 words · Omid Farhang

Stuxnet Questions and Answers

Stuxnet continues to be a hot topic. Here are answers to some of the questions we’ve received. Q: What is Stuxnet? A: It’s a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords. Q: Can it spread via other USB devices? A: Sure, it can spread via anything that you can mount as a drive, like a USB hard drive, mobile phone, picture frame and so on....

October 6, 2010 · 6 min · 1157 words · Omid Farhang

Flash Player Updates fix 0-day-vulnerability

Adobe fixed the vulnerability in Flash Player in record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat are also affected (they are supposed to get an update in 2 weeks), until now we’ve only seen exploits against the Windows Flash Player. Users and administrators should update their Flash Player as soon as possible!...

September 21, 2010 · 1 min · 105 words · Omid Farhang

New 0-day Exploit for Adobe Reader

A malicious PDF file has turned up which exploits a new security vulnerability in Adobe Reader and Acrobat – even in the most current versions, 9.3.4 and 8.2.4, on all supported platforms. There is currently no update available from Adobe which fixes the vulnerability. The company is aware of the problem though. The weakness is a buffer overflow in CoolType.dll in the Adobe Reader and Acrobat installation. While parsing a PDF document with specially prepared SING (Smart INdependent Glyphlets) fonts it is possible to abuse the vulnerability to execute malware....

September 9, 2010 · 2 min · 344 words · Omid Farhang
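Added example, not from the page, from Adobe or from the exploit it describes: a minimal C parser for a hypothetical font table with a one-byte length prefix and a fixed destination buffer, which is the general shape of bug the Adobe Reader entry above describes (a length taken from the file, a buffer sized by assumption). The table layout is invented for the illustration and is not the real SING table format; the function names are mine. The unchecked copy is shown beside a checked parser that validates the declared length against both the bytes actually present and the destination size.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_BUF 32     /* fixed destination, as the vulnerable code assumes */

/* Vulnerable shape: the length byte comes straight from the file, so a
 * crafted table makes memcpy write past 'out'. Shown for contrast only;
 * never call it on untrusted input. */
void copy_name_unchecked(const uint8_t *tbl, char *out) {
    size_t n = tbl[0];
    memcpy(out, tbl + 1, n);
    out[n] = '\0';
}

/* Hardened: checks the declared length against the bytes actually
 * present and the destination size. Returns the name length, -1 if the
 * table is truncated, -2 if the name would not fit. */
int parse_name_checked(const uint8_t *tbl, size_t tbl_len,
                       char *out, size_t out_len) {
    if (tbl_len < 1) return -1;
    size_t n = tbl[0];
    if (n > tbl_len - 1) return -1;     /* header claims more than present */
    if (n >= out_len) return -2;        /* no room for name + terminator */
    memcpy(out, tbl + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Builds a constructed table [len]['A' * len] in buf; returns bytes written
 * (0 if it does not fit). Constructed sample input, not a real font. */
size_t make_table(uint8_t *buf, size_t buf_len, uint8_t name_len) {
    if ((size_t)name_len + 1 > buf_len) return 0;
    buf[0] = name_len;
    memset(buf + 1, 'A', name_len);
    return (size_t)name_len + 1;
}

/* Parses a constructed table with the given name length into a NAME_BUF
 * buffer and returns the checked parser's result. */
int check_len(uint8_t name_len) {
    uint8_t tbl[256];
    char out[NAME_BUF];
    size_t n = make_table(tbl, sizeof tbl, name_len);
    return parse_name_checked(tbl, n, out, sizeof out);
}

/* Header claims 'claimed' name bytes but only 'present' table bytes exist. */
int check_truncated(uint8_t claimed, size_t present) {
    uint8_t tbl[256] = { 0 };
    char out[NAME_BUF];
    tbl[0] = claimed;
    return parse_name_checked(tbl, present, out, sizeof out);
}

/* On a benign table both routines agree; the difference only shows on a
 * crafted length, where the unchecked copy would overrun the stack. */
int benign_agree(void) {
    uint8_t tbl[64];
    char a[NAME_BUF], b[NAME_BUF];
    size_t n = make_table(tbl, sizeof tbl, 8);
    copy_name_unchecked(tbl, a);
    if (parse_name_checked(tbl, n, b, sizeof b) != 8) return 0;
    return strcmp(a, b) == 0;
}
```

The two checks in `parse_name_checked` guard different things: the first stops an out-of-bounds read past the end of the table data, the second the stack overwrite the entry describes. A length field that is checked against only one of them is still exploitable through the other.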