gHacks technology news » security vulnerability

Adobe Fixes Critical Shockwave Vulnerability

Martin — Thu, 25 Jun 2009 06:51:09 +0000

Adobe has issues a security patch for their Adobe Shockwave software program that fixes on vulnerability that has been rated critical. The vulnerability gives attackers, who can attack systems remotely, control over affected computer systems. The interesting aspect of the issued patch is that Adobe recommends to completely uninstall Adobe Shockwave 11.5.0.596 or earlier on their computer systems before installing the latest version of the software product in which the security vulnerability has been fixed.

To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.

The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave on the program’s website.

It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information per email.

Microsoft Security Bulletin May 2009

Martin — Wed, 13 May 2009 14:05:31 +0000

Microsoft has released the Security Bulletin for May 2009 which contains one Microsoft Office PowerPoint vulnerability which affects various editions of Microsoft Office but also the Microsoft Office PowerPoint Viewer and Microsoft Office Compatibility Pack. Affected are Microsoft Office PowerPoint editions in Microsoft Office 2000, Office XP, Office 2003 and Microsoft Office 2007. The security update is rated as critical for Microsoft Office 2000 editions and important for all other affected editions of Microsoft Office and software programs by Microsoft.

This security update resolves a publicly disclosed vulnerability and several privately reported vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The security update is available on Windows Update and Microsoft Update. Additional information and links can be found at the Security Bulletin that has been created for the security vulnerability. Users of affected software programs are encouraged to perform the security update as soon as possible.

Tags: microsoft security bulleting, microsoft-office, Security, security bulletin, security vulnerability, windows updates

Google Chrome Security Vulnerability

Martin — Wed, 03 Sep 2008 21:41:19 +0000

Now this did not take long. Only one day after releasing a first public beta version of Google Chrome researchers at Kaspersky discovered (Thanks Neil for sending the tip) a security vulnerability that combines a security flaw in Webkit, the browser engine used by Google Chrome, with a Java bug. Apple fixed the vulnerability in Safari back in July after two months of doing nothing about it and it will be interesting to see how fast Google will react to the security vulnerability.

The reason why this vulnerability is still working in Google Chrome is because Google has been using an older version of Webkit for their browser’s core. First of all, users without Java on their computers are completely safe. Users with Java and Chrome installed should read on.

The problem is serious but requires the user’s action to be triggered. If the user clicks on a specifically prepared download the file downloads and executes itself automatically without further user input.

Security expert Aviv Raff has setup a demo website that demonstrates the vulnerability in Google Chrome. The demonstration page provides a download button which will download and execute a Java file immediately without further user interaction. This demo only opens a notepad application but serious harm could be done with such an exploit.

Tags: google browser, google chrome, google chrome security vulnerability, google chrome vulnerability, google security, security vulnerability

Game Over For Windows Vista’s Security?

Martin — Fri, 08 Aug 2008 12:44:57 +0000

I picked up an interesting story over at Neowin entitled “Vista’s Security Rendered Completely Useless by New Exploit” which reports on a new technique hat can “bypass all memory protection safeguards that Microsoft built into Windows Vista.”

The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

Instead of exploiting a security vulnerability the researchers Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. of the architecture of Windows Vista. Another researcher described the technique as “completely game over.”

It’s currently not known if other operating systems are vulnerable as well but it is very likely. The best against this attack would be an add-on like NoScript that would most likely prevent it completely.

Tags: microsoft, Security, security vulnerability, vista security, windows-vista

gHacks technology news » security vulnerability

Adobe Fixes Critical Shockwave Vulnerability

Related posts

Microsoft Security Bulletin May 2009

Related posts

Google Chrome Security Vulnerability

Related posts

Game Over For Windows Vista’s Security?

Related posts