Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18iDefense Security Advisory 08.11.09 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). iDefense has confirmed the existence of this vulnerability inside Microsoft' ATL and MFC. This vulnerability appears to be limited to MFC version 3.0. Any source code compiled with these libraries may also be vulnerable.
edf512cb6aeb0c9390b72abd37b17a7b330c0d5d4e8ffa3daeb55ff3ca91c23diDefense Security Advisory 07.28.09 - Remote exploitation of an information disclosure vulnerability in Microsoft's ATL/MFC ActiveX template, as included in various vendor's ActiveX controls, allows attackers to read memory contents within Internet Explorer. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL version 9.0. Any source code compiled with these libraries may also be vulnerable. Previous versions may also be affected.
c267c222d9c34b1a2d7d1db54912e2fbbb444fafe882d61044c1ce0bd64bd46fiDefense Security Advisory 07.28.09 - Remote exploitation of a logic flaw vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code, as included in various vendors' ActiveX controls, could allow attackers to bypass ActiveX security mechanisms. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL and MFC. Although later versions of the ATL/MFC are less vulnerable, certain conditions can trigger the same exploit pattern.
d87248b69d8604013d1f30ba472eab8230eac08a11208461df8766f80fcdfc2eiDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in multiple versions of Adobe Systems Inc's Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FlateDecode filter inside a PDF file. FlateDecode is a filter for data compressed with zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.
48b4c5eb3ef997087bc4e824ebc4d6c72a992fb1b8e45a08db98b531d00f3505Novell eDirectory/iMonitor Remote Code Execution Security Advisory: Novell's HTTP Protocol Stack (httpstk) is a component of iMonitor which provides a web-based interface for management of eDirectory, an LDAP service forming the basis for many of the world s largest identity-management deployments. The code fails to check the length of client-supplied HTTP Host request-header (e.g. Host: www.host.com) values before using them to build a formatted URL into an inadequate, statically-sized buffer on the stack. This condition occurs in a call to snprintf() while the server is preparing an HTTP redirect response and can be triggered remotely, before any authentication takes place. This can allow attacker supplied code to be executed on vulnerable systems.
83f493818d78f80ff8f029bc85f643e0e2806d60376926715e9dc35b65088b58Hustle Labs Security Advisory - The alwil avast! Anti-virus Engine versions less than 4.7.869 for desktops and versions less than 4.7.660 for servers suffer from vulnerabilities that allows for local and remote code execution. Full details provided.
16e662cec2bb15035d4ca8470c82242b3be4981401d5abffe91a81653f40d323Tumbleweed's Email Firewall has three separate vulnerabilities within its LHA processing routines inside of its EMF Decomposer.
cf7a9b4501c04e92a6ed5abde20ee84edf7fef2e8eac2339fddcd0c475b3757bWinRAR versions less than 3.60 beta 7 and greater than 3.0 suffer from multiple buffer overflows due to a lack of constraints while copying data.
f8b7381f74499f50992c3a3cf3c3f915a313f8b38f1c339d779fb109ce1a2ea2Hustle Labs Advisory - There is an integer overflow present that affects Novell Windows clients and Novell Netware server and Novell Open Enterprise server. All versions of Novell Netware and Novell Netware Client for Windows are affected. All Netware based versions of Novell Open Enterprise Server are affected. Detailed analysis provided.
435daa5ce9ab016eefbb6be70ac9be842be30a1b33f6b52faa8e122246865e00
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed