Saturday, April 26th, 2008
WordPress 2.5.1 came out recently. It includes a critical security fix for a cookie integrity bug that would allow an attacker to impersonate other users, including WordPress admins, by manipulating the contents of an HTTP cookie. Whenever I read about a vulnerability predicated on the user identity being embedded ...
Posted in Coding, Internet, Privacy, Security, Software | 1 Comment
Friday, April 25th, 2008
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an information security think tank and because we encounter some very ...
Posted in Coding, Internet, Privacy, Security, Software | No Comments
Thursday, April 24th, 2008
Dating back to the end of February, we have been tracking test runs of malicious PDF messages to very specific targets. These PDF files exploit the recent vulnerability CVE-2008-0655.
Ever since the end of March, beginning of April, the amount of samples seen in the wild has significantly increased. Interestingly enough, ...
Posted in Internet, Privacy, Security, Software | No Comments
Wednesday, April 23rd, 2008
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our ...
Posted in Coding, Linux, Security, Windows | No Comments
Tuesday, April 22nd, 2008
Foxit Reader is "a free PDF document viewer and printer, with incredible small size (only 2.1 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows 98/Me/2000/XP/2003/Vista". Two security vulnerability in Foxit Reader allow a remote attacker armed with a malformed PDF file to cause the ...
Posted in Security, Software | No Comments
