by certifiedbug on February 23, 2011
in Microsoft TechNet
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
Published: February 23, 2011
Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.
Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
http://www.microsoft.com/technet/security/advisory/2491888.mspx
Alex Eckelberry writes about a Rash of fake sites copying PC World, CastleCops, others at the Sunbelt blog.
As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.
There are other domains sharing the same IP (207.226.177.250):
pepato org
slim-cash com
spyware-wiper com
Cpaypal com
Crazycounter net
All are copying legitimate sites.
These domains belong to the “Vladzone” malware gang.
Check out the screenshots if you don’t think you could be fooled. The fake sites look very similar to the real thing, so be careful.
Sunbelt: More Vladzone fake pages
Secunia Research 20/05/2008
Foxit Reader “util.printf()” Buffer Overflow.
1) Affected Software
* Foxit Reader 2.3 build 2825
NOTE: Other versions may also be affected.
2) Severity
Rating: Highly critical
Impact: From remote
Where: System access
3) Vendor’s Description of Software
“Foxit Reader is a free PDF document viewer and printer, with incredible small size (only 2.55 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows Me/2000/XP/2003/Vista. Its core function is compatible with PDF Standard 1.7.”
Product Link:
http://www.foxitsoftware.com/pdf/rd_intro.php
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file.
Successful exploitation allows execution of arbitrary code.
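Since the trigger described above lives in a PDF's embedded JavaScript, a mail gateway or sandbox can triage documents for it before they reach an unpatched reader. The scanner below is an added example, not Secunia's or Foxit's code: it pulls every stream out of a PDF (inflating FlateDecode streams), locates util.printf() calls in the JavaScript, and reports each floating point conversion specifier together with its width and precision. The SUSPICIOUS_FIELD_WIDTH threshold and the sample PDF are constructed for this example and are assumptions, not values from the advisory.

```python
import re
import zlib

# A PDF stream body; the "stream" keyword may be followed by CRLF or LF.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# util.printf("<format>", ...) with a single- or double-quoted format string.
PRINTF_RE = re.compile(r"util\.printf\s*\(\s*(['\"])(.*?)\1", re.DOTALL)
# A floating point conversion: %[flags][width][.precision](e|f|g), case-insensitive.
FLOAT_SPEC_RE = re.compile(r"%[-+ #0]*(\d*)(?:\.(\d+))?[eEfgG]")

# Assumed triage threshold (not from the advisory): a legitimate document has no
# reason to format a number into a field this wide, so such calls are escalated.
SUSPICIOUS_FIELD_WIDTH = 64


def _stream_body(pdf_bytes, stream_match):
    """Return the stream body, inflated when its dictionary names /FlateDecode."""
    body = stream_match.group(1)
    # Heuristic: the dictionary describing the stream is the last "<<" before it.
    dict_start = pdf_bytes.rfind(b"<<", 0, stream_match.start())
    header = pdf_bytes[dict_start:stream_match.start()] if dict_start != -1 else b""
    if b"/FlateDecode" in header:
        try:
            return zlib.decompress(body)
        except zlib.error:
            return body  # corrupt or unsupported stream: scan it as-is
    return body


def extract_text_blobs(pdf_bytes):
    """Return the file outside of streams plus every stream body, as latin-1 text."""
    blobs = [STREAM_RE.sub(b"", pdf_bytes).decode("latin-1")]
    for match in STREAM_RE.finditer(pdf_bytes):
        blobs.append(_stream_body(pdf_bytes, match).decode("latin-1"))
    return blobs


def scan_pdf_for_printf(pdf_bytes):
    """Report every util.printf call whose format string contains a float conversion."""
    findings = []
    for text in extract_text_blobs(pdf_bytes):
        for call in PRINTF_RE.finditer(text):
            fmt = call.group(2)
            for spec in FLOAT_SPEC_RE.finditer(fmt):
                width = int(spec.group(1)) if spec.group(1) else 0
                precision = int(spec.group(2)) if spec.group(2) else 0
                findings.append({
                    "format": fmt,
                    "specifier": spec.group(0),
                    "width": width,
                    "precision": precision,
                    "oversized": max(width, precision) > SUSPICIOUS_FIELD_WIDTH,
                })
    return findings


def build_sample_pdf():
    """Constructed sample: a minimal PDF with a plain JS action and a Flate-compressed one."""
    benign_js = b'util.printf("%.2f", 3.14159);'
    flagged_js = b'util.printf("%300.300f", 1);'  # constructed test value, not a real document
    compressed = zlib.compress(flagged_js)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R /Names << /JavaScript 3 0 R >> >> endobj\n"
        b"2 0 obj << /S /JavaScript /JS (" + benign_js + b") >> endobj\n"
        b"3 0 obj << /S /JavaScript /JS 4 0 R >> endobj\n"
        b"4 0 obj << /Length " + str(len(compressed)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + compressed + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    for finding in scan_pdf_for_printf(build_sample_pdf()):
        print(finding)
```

The scanner deliberately looks at both the raw file and each decoded stream, because JavaScript in a PDF may sit in a plain literal string or in a compressed object; a real gateway would also handle other filters and object streams, which this example leaves out.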
5) Solution
The vulnerability is fixed in upcoming version 2.3 build 2912.
6) Time Table
23/04/2008 – Vendor notified.
08/05/2008 – Vendor notified again.
08/05/2008 – Vendor response.
20/05/2008 – Public disclosure.
by certifiedbug on March 25, 2008
in Browser
Apple
Engineers designed Safari to be secure from day one.
Secunia Advisory: SA29483
Release Date: 2008-03-24
Safari Address Bar Spoofing and Memory Corruption Vulnerabilities
Critical: Highly critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Unpatched
Description:
Juan Pablo Lopez Yacubian has discovered two vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user’s system.
1) An error when downloading e.g. a .ZIP file with an overly long filename can be exploited to cause a memory corruption.
Successful exploitation may allow execution of arbitrary code.
2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.
The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.