A zero-day exploit for Adobe Reader has been making the rounds since yesterday. From Adobe’s advisory: A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are […]
Microsoft just released MS08-78, a security bulletin describing the issue that has been affecting Internet Explorer users for almost a week (CVE-2008-4844). The bug is fixed for Internet Explorer 5.01, 6, 7 and the beta version of IE8. As Microsoft points out on their Internet Explorer homepage, the browser is now “safer than ever”. Don’t […]
Microsoft has just announced that a fix for the critical bug in Internet Explorer 5, 6 and 7 is to be published tomorrow. As usual, there will be webcasts detailing the fixes: Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & […]
More details about the zero-day exploit for IE7 are starting to surface. The most shocking detail is that this is actually an older issue: eEye reports that this was first seen on 11/15. eEye says that no mitigation strategies currently exist; Symantec suggests that disabling Javascript will at the very least disable the currect attack […]
Just in time for the holidays, a new bug has been found in Internet Explorer that enables hackers to execute arbitrary code. This was first reported by McAfee: The root cause was found to be the incorrect handling of certain XML tags in Internet Explorer 7.x that references already freed memory in the mshtml.dll. We […]
