Submitted by ep on
http://www.microsoft.com/technet/security/advisory/2269637.mspx
This attack vector allows for the loading of malicious dynamic-link
libraries (DLLs) when loading certain programs in the Windows operating
system. It is due to applications not specifying the full path to the
trusted library to use in the programming code.
Submitted by ep on
https://rhn.redhat.com/errata/RHSA-2010-0475.html
June 18, 2010
Submitted by ep on
http://core.trac.wordpress.org/ticket/11922
Release overview:
http://core.trac.wordpress.org/query?
status=closed&group=resolution&order=priority&milestone=2.9.2&resolution
=fixed
"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."
It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:
Submitted by ep on
http://searchbliss-webmaster.blogspot.com/2010/05/tabnabbing-new-phishin...
Apparently, when you move to another tab in your web browser, the tab you were originally using can detect that it has lost focus. A malicious website can take the opportunity to load new content in the tab, change its title and appear to be a different website.
When you return, if you try to login using your credentials, you could be handing them over to a malicious source.
Submitted by ep on
http://www.zdnet.com/blog/security/adobe-warns-of-flash-pdf-zero-day-att...
"Adobe issued an alert late Friday night to warn about zero-day attacks
against an unpatched vulnerability in its Reader and Flash Player
software products.
Submitted by ep on
http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
ClamAV has released an announcement that versions older than 0.95 will
be disabled after 2010-04-15.
ClamAV would like to release longer malware signatures that aren't
supported by pre-0.95 versions of ClamAV. For this reason, earlier
versions of ClamAV will break when new signatures are released.
Submitted by ep on
Submitted by ep on
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx
Tuesday, April 13, 2010 is patch Tuesday. Microsoft released this
bulletin summarizing the patches it will release.
8 of these patches mitigate remotely exploitable vulnerabilities.
Users should install these patches during their regular patch Tuesday
patch window.
Thanks,
Brian
Submitted by ep on
http://www.securityfocus.com/bid/39247
"MIT Kerberos is prone to a remote denial-of-service vulnerability in
'kadmind'.
An attacker may exploit this issue to cause the affected application to
crash, denying service to legitimate users.
MIT Kerberos 5 1.5 through 1.6.3 are vulnerable. "
Patches are available for MIT Kerberos, RHEL and Ubuntu. It is
recommended that users upgrade to the latest release to avoid exploitation.
Thanks,
Brian
Submitted by ep on
http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_functio...
A design feature in PDF allows for the execution of a program from
within the PDF. Most PDF readers supply a warning about executing the
program before continuing.
A researcher last week showed how the warning message could be rewritten
by a malicious PDF and trick the user into allowing it to execute. It
could potentially infect other PDFs or run whatever the attacker desired.