Zero Day in Adobe Acrobat and Reader Part 3 Oh Crap

Secunia has verified that disabling JavaScript does not provide full protection against the zero day in all supported versions of Adobe Acrobat and Adobe Reader. The current exploit seen in the wild uses JavaScript to perform a heap spray for code execution. The vulnerability is in a non-JavaScript function call. The original alert put out …


Zero Day in Adobe Acrobat and Reader Part 2

Adobe has posted a security advisory for the zero day in Adobe Acrobat and Reader that I blogged about yesterday. They say they are “planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March …


Targeted attacks on Wordpad Zeroday

Computer Associates blogged over the weekend on increasing attacks on the Wordpad zero day originally reported in December. In the attack a malicious document is created with the extension .DOC, .RTF or .WRI. You must manually open the document for the attack to take place. If Office is installed, .DOC files will likely open in …


Article: Flash Ads launch clipboard hijack

We all know that malicious ads can be hosted by legit sites. Generally being fully patched (including third party apps) is a good protection against most attacks other than social engineering. Ryan Naraine of The Zero Day Blog over at ZDNet reports that malicious Adobe Flash ads are being used to hijack the clipboard …


New Adobe Flash Vulnerability

There were multiple reports today of an unpatched Adobe Flash vulnerability currently being exploited. Symantec Bugtraq reports that this exploitation is fairly widespread. SQL injection has been used to insert code onto otherwise legitimate websites that results in malware loading to exploit Flash. Not a lot to be done. You could crawl into the Firefox/noscript cave. I’d …


Another Vulnerability in Quicktime? Oh Come on

US CERT has posted an alert about a zero day vulnerability in Quicktime: US-CERT is aware of a vulnerability in Apple QuickTime that may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. Until a security fix becomes available, US-CERT encourages users and administrators to follow the Securing …
