securityadmin's blog

Microsoft Windows Animated Cursor Handling Vulnerability

http://www.kb.cert.org/vuls/id/191609 - It appears that a buffer overflow vulnerability can be exploited using animated cursors, which can be found on various websites and in emails. This affects versions of Microsoft Windows 2000, XP and Vista. The vulnerability allows for automatic opening of malicious websites and execution of code. Active exploitation of the vulnerability is currently ongoing.

Linux Kernel Multiple, Local, Denial of Service Vulnerabilities under v2.6.20.4

http://secunia.com/advisories/24618/. There exist multiple local IPv6 vulnerabilities in the Linux kernel prior to 2.6.20.4. These vulnerabilities could lead to local Denial of Service (DoS) attacks, including a kernel crash. They can be exploited locally; no remote exploitation has been reported at this time.

Mozilla SVG Processing Remote Code Execution

emailed security@ias.edu
It appears that versions of Firefox earlier than 1.5.0.9 and 2.0.0.1 and SeaMonkey 1.0.7 are vulnerable to a remote denial of service (DoS).

This flaw was introduced in Firefox 1.5.0.4.

This bug can create a DoS by crashing the browser. It does not appear that this exploit can execute any malicious code on the user's computer at this time.

Proposed mitigation is to upgrade the browser to the latest version, or disable JavaScript until an upgrade is possible.
