Less than a month after Trend Micro discovered Vista flaws being sold for $50,000 in the underground market by hackers, VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. This is part of its three-year-old Vulnerability Contributor Program, which compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code. 3Com’s Zero Day Initiative is a similar program.
Secunia reports that Piotr Bania has found a vulnerability in Adobe Reader which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an unspecified error when processing PDF files. This can be exploited to cause a heap corruption and may allow execution of arbitrary code when a specially crafted PDF file is opened.
I reported that Microsoft had planned to release Office fixes today. It did release Office fixes, but the zero-day bug in Word still remains unpatched. eWeek reports that four were pulled, citing problems with the quality of the updates.
It had to be coming. As part of its monthly patch release, Microsoft will be releasing eight security bulletins with patches for several Windows and Office vulnerabilities. These include the patches for Microsoft Word, which had remained unpatched last month.
Microsoft sure has a lot of work to keep up with. Just a day after a zero-day flaw was detected in Word, a new flaw has been detected in Windows Media Player. There is a detailed explanation for it below: The Windows Media Player library WMVCORE.
We have always known Windows to be spyware-prone. However, one platform that was considered to be free of spyware is the Mac. Well, until F-Secure received a proof-of-concept sample of an adware program for Mac OS X.
Just when we were settling into the so-called more secure versions of the two most popular browsers, Robert Chapin has stated that both Internet Explorer 7 and Firefox 2 are vulnerable to what he dubbed a reverse cross-site request, or RCSR. An exploit for this flaw has already been seen on the social-networking site MySpace.com, when Netcraft discovered a fraudulent login page hosted on MySpace servers.
Phishing scams have been a major problem for large corporations. As of today there aren’t any surefire solutions. IE, Firefox and Opera today all implement a check to see whether a site is fraudulent or not.
Secunia Advisories reports that Kacper has found a vulnerability in the Spider Friendly module for phpBB. The vulnerability is reported in version 1.3.10 of the module, with the possibility that other versions may also be affected.
Secunia Research has found yet another flaw in Internet Explorer 7. The problem is that a website can inject content into another site’s window if the target name of the window is known. This can e.