ie8 fix

Zero Days

Storm Worm strikes again

A new variant of the Storm Worm (aka Snow Worm) is slamming into e-mail inboxes worldwide as an apparent patch or fix for a recent worm attack. The latest variant appears to ride on the coattails of worm that Trend Micro calls Nuwar.AOP.The Trojan part of this worm is known as Small (Kaspersky and Trend Micro), Downloader (McAfee), Peacomm (Symantec), and officially by the designation CME (Common Malware Enumeration) 711.

According to Ken Dunham of iDefense, this new variant worm includes anti-security measures to hinder analysis, and sends out copies of itself inside of a password protected ZIP more

Windows dynamic DNS update mechanism

The dynamic DNS update mechanism within the DNS Server service in Microsoft Windows does not properly authenticate clients. This occurs with certain configurations, and can allow remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic. The can also use this flaw to conduct pharming attacks by poisoning DNS records, and cause a denial of service attack.

Additional Resources

MILW0RM: Advisory 3544

Windows Web Proxy Autodiscovery flaw

Versions of Microsoft Windows 2000 and Windows Server 2003 use the Web Proxy Autodiscovery Protocol (WPAD) within Internet Explorer. WPAD allows IE to locate a Web proxy's auto-config file and thus configure the browser's proxy settings. The way the system is currently implemented, a malicious user could configured a WINS or DNS proxy server on a site, then when a vulnerable IE browser connects, intercept all subsequent traffic.

Additional Resources

Microsoft: Advisory 934864

FRsirt: 1115

CNET News.com: Windows weakness can lead to network traffic hijacks

Windows animated cursor attack

There's a new Microsoft Windows vulnerability being exploited across the Internet on over 100 Web sites, according to security vendor Websense. The vulnerability is caused by an unspecified error in the way Windows 2000, XP, and Vista handles animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type so simply blocking .ani files won't necessarily protect a PC. Users need not do anything but visit a compromised site to become infected. Antivirus more

Update for Internet Explorer 7

If you've disabled the antiphishing filter in Internet Explorer 7, you're not alone. The filter, as it currently works, takes something short of forever to process each site, deciding whether to mark it as safe for viewing or suspect as a potential phishing site. In response, Microsoft has quietly issued a service update for users of Internet Explorer 7 for XP and Windows Vista, running on Windows Vista (all editions, including x64 editions), Windows XP SP2, Windows XP Professional x64, Windows Server 2003 SP1, and Windows Server 2003 SP1 x64 editions.

Integer overflow in Microsoft Internet Explorer 6

There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.

Additional resources:

more

Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

Adobe Reader Open Parameters XSS

In a conference paper titled "Subverting Ajax," security researchers Stefano Di Paola and Giorgio Fedon identified multiple cross-site scripting (XSS) vulnerabilities. One flaw in particular, the open parameters vulnerability, is quite easy to execute on vulnerable versions of Adobe Reader. A malicious attack can be carried out by referencing any Web-based PDF file and supplying potentially malicious JavaScript code as an open parameter to any Web-based PDF file. For example

http://www.(domain name).com/file.pdf#whatever_name_you_want=javascript:your_code_here

The researchers contacted Adobe in October with their findings and only recently made their work public. Adobe has since released more

Apple QuickTime rtsp URL handler buffer overflow

There's a buffer overflow affecting both the Windows and Mac version of Apple QuickTime 7.1.3 real-time streaming protocol (rtsp). The flaw allows remote attackers to execute arbitrary code which could allow remote access and the arbitrary execution of malicious code on compromised machines. If a user clicks a very long and specially crafted QuickTime video URL, an attacker could load malicious code onto Microsoft Windows or Apple Mac OS X machines.

At this time, there is no patch available from Apple. Users should avoid clicking URLs that begin with "rstp://." One workaround within QuickTime is to disable more

  • Recently Viewed Products
  • My Lists
  • My Software Updates
  • Promo
  • Log In | Join CNET