ep's blog

Adobe to Patch Flash Zero Day on Windows, Mac on Friday, April 15, 2011

https://threatpost.com/en_us/blogs/adobe-patch-flash-zero-day-windows-ma...

Thanks to Kevin for the heads up.

"Adobe is planning to patch the recently disclosed Flash Player
vulnerability on Friday for users on Windows, Mac OS X and Linux. The
vulnerability is being used in targeted attacks right now that use
malicious Word documents."

Horde IMP Webmail 'fetchmailprefs.php' HTML Injection Vulnerability

http://www.securityfocus.com/bid/43515/info

"Horde IMP Webmail is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied data before it is used
in dynamic content.

Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user; other attacks are also possible."

VMware vmrun utility local privilege escalation

https://www.vmware.com/security/advisories/VMSA-2011-0006.html

"The VMware vmrun utility is susceptible to a local privilege escalation
in non-standard configurations."

All users of the vmrun utility should visit the advisory and check
whether their instance is susceptible. If so, it is critical to update
the software through the links provided in the advisory.

APPLE-SA-2010-11-18-1 Safari 5.0.3 and Safari 4.1.3

http://support.apple.com/kb/HT4455

Safari 5.0.3 and Safari 4.1.3 are now available and fix various security
vulnerabilities, including unexpected application termination, arbitrary
code execution, surreptitious user tracking, disclosure of image data,
location bar address spoofing, location bar arbitrary history insertion,
and undesired DNS prefetching.
