Microsoft Pressured To Patch Zero Day As VUPEN Creates Serious Exploit
Microsoft is facing pressure to patch a zero-day threat that is being exploited in the wild, as vulnerability seller VUPEN has found a way to make the exploit work across […]
View ArticleZero-day XML Core Services vulnerability included in Blackhole exploit kit
Shortly after our original advisory about the latest zero-day vulnerability in Microsoft XML Core Services (CVE-2012-1889), code to exploit the vulnerability was seen in a Blackhole exploit kit. The...
View ArticleTechnical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 1
Last month, Microsoft released a fix tool in order to address a vulnerability in Microsoft XML Core Services. The said vulnerability, according to the Microsoft Security Advisory, could allow remote […]
View ArticleTechnical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 2
In the first part of our three-part blog entry about HTML_EXPLOYT.AE, we provided an analysis on how HTML_EXPLOYT.AE uses Microsoft XML Core Services vulnerability (CVE-2012-1889). As previously...
View ArticleTechnical Analysis of CVE-2012-1889 Exploit HTML_EXPLOYT.AE Part 3
As discussed in our previous blog entries, we’ve found an exploit (Trend Micro detection HTML_EXPLOYT.AE) that targets a vulnerability found in Microsoft XML Core Services (CVE-2012-1889). Based on our...
View ArticlePatch Tuesday July 2012 – Focus on the Browser
This month’s patch Tuesday brings a set of three “critical” bulletins focused on Windows/web browser component vulnerabilities and six other bulletins rated “important”. In other words, two of the...
View ArticlePatch Tuesday critical fixes for July 2012
Microsoft has released nine patches this month, including the much awaited fix for MSXML (CVE-2012-1889). Read more: Patch Tuesday critical fixes for July 2012
View ArticleHigh School Webpage Targeted by CVE-2012-1889 Exploit
We observed a zero-day attack aimed at a Chinese high school webpage and leveraged the Microsoft XML Core Services vulnerability. This discovery came about just days after Microsoft released an […]
View ArticleJuly 2012 Patch Tuesday Includes Update for MS Security Advisory (2719615)
Microsoft released nine bulletins yesterday, including a patch for MS Security Advisory (2719615), which Microsoft put out on the same day of last month’s bulletin release. Although we have not […]
View ArticlePatch Tuesday August 2012 – An Array of Client-Side and Server-Side Targets
August brings a wild array of Microsoft technologies to update this month, with both significant client side and server side targets in this month’s list of vulnerable software. Nine security […]
View ArticleMultiple Zero-Day POC Exploits Threaten Oracle MySQL Server
...and heap/stack overrun. These vulnerabilities have been acknowledged by the vendor and assigned to CVE ids CVE-2012-5611, CVE-2012-5612, CVE-2012-5613, CVE-2012-5614, and CVE-2012-5615 respectively....
View ArticleCVE-2012-0158 Exploitation Seen in Various Global Campaigns
...now and previously, the CVE of choice is CVE-2009-3129. RTF file dropped is 20120420.doc, which could pertain to the date April 20, 2012, a day after the malicious document has been...
View ArticleJS_DLOADER.SMGA Exploits CVE-2012-1875 Vulnerability in Internet Explorer
...such vulnerabilities don’t show up quickly. Since the affected software is Internet Explorer, this attack has significant impact among millions of IE8 users. By exploiting CVE-2012-1875,...
View ArticleRecent Threats Highlight Vulnerabilities CVE-2012-0779 and CVE-2012-0507
...a malicious attachment. The malicious attachment, as expected, is a file that exploits CVE-2012-0779, found in several versions of Adobe Flash Player. Exploitation results to a possible attacker...
View Article2012: #yearinreview, Part 3
...Part 3 of our 2012: #yearinreview — October to December. October 3, 2012 It won’t be long until we’ll be unable to create a CAPTCHA that computers couldn’t solve....
View Article2012: #yearinreview, Part 1
...2012: a year in which even Pope Benedict XVI started to Tweet his pontifications. Dear friends, I am pleased to get in touch with you through Twitter. Thank you...
View Article2012: #yearinreview, Part 2
...Here’s part 2 of our 2012: #yearinreview — July to September. July 4, 2012 Thank you CERN. For creating the web. And also, for finding the boson. #science —...
View ArticleExploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate
...less powerful. CVE Number Vulnerable Application Date Identified First Exploit Kit to Integrate Patch Release Date CVE-2015-8651 Adobe Flash 2016-01-26 Angler 2015-12-28 CVE-2015-8446 Adobe Flash...
View ArticleJuly 2016 Patch Tuesday Releases 11 Security Bulletins; Adobe Fixes...
...Adobe Acrobat and Reader. Trend Micro researchers discovered and reported these vulnerabilities to Microsoft: CVE-2016-3277 (MS16-084) CVE-2016-3277 (MS16-085) CVE-2016-3280 (MS16-088) The following...
View ArticleOctober Patch Tuesday: Microsoft Releases 10 Security Bulletins, Five Rated...
...Initiative (ZDI): CVE-2016-3382 (MS16-118, MS16-119) CVE-2016-3386 (MS16-119) CVE-2016-3383 (MS16-118, MS16-119) CVE-2016-3384 (MS16-118) CVE-2016-6986 (APSB16-32) CVE-2016-6987 (APSB16-32)...
View Article
