This is a different kind of WordPress tip, but a highly essential one. A little towards the end of last year, David Kierznowski discovered a minor security flaw, a flaw nonetheless in WordPress version 2.0.5. It is possible that all lower versions are affected as well. It was notified to the WordPress team and Mark Jaquith was quick to respond with a fix. However, there has been no public announcement of the vulnerability and a fix as well from the WordPress team, which is not only shocking but also extremely irresponsible on their part. I do understand the reason of…

Read the rest of this post…

Microsoft sure has a lot of running work to do. Just a day after a Zero Day flaw was detected in Word, a new flaw has been detected in Windows Media Player. There is a detailed explanation for it as below: The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of “REF HREF” URLs within ASX files. If the URL contains an unrecognized protocol (only “file”, “ftp”, “http”, “https”, “mms”, “mmst”, “mmsu”, “rtsp”, “rtspt”, and “rtspu” appear to be recognized), the function at 7D7A8F27 in WMVCORE.DLL version 9.0.0.3250, and at 086E586E in WMVCORE.DLL…

Read the rest of this post…

Secunia Research has found yet another flaw in Internet Explorer 7. The problem is that a website can inject content into another site’s window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website. This follows immediately after two recent bugs in IE7, viz. Internet Explorer 7 “mhtml:” Redirection Information Disclosure and Internet Explorer 7 Popup Address Bar Spoofing Weakness Advisory Available in Danish The flaw has been marked as Moderately critical. As of now there is no update…

Read the rest of this post…