ep's blog

Adobe to Patch Flash Zero Day on Windows, Mac on Friday, April 15, 2011


Thanks to Kevin for the heads up.

"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents.

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability


"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible.

VMware vmrun utility local privilege escalation


"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and see if
his/her instance is susceptible. If so, it is critical to update the
software through the links provided in the advisory.

APPLE-SA-2010-11-18-1 Safari 5.0.3 and Safari 4.1.3


Safari 5.0.3 and Safari 4.1.3 is now available and fix various security
vulnerabilities including: unexpected application termination, arbitrary
code execution, surreptitious user tracking, disclosure of image data,
location bar address spoofing, location bar arbitrary history insertion,
undesired DNS prefetching.