Zero Days
Storm Worm strikes again
According to Ken Dunham of iDefense, this new variant worm includes anti-security measures to hinder analysis, and sends out copies of itself inside of a password protected ZIP more
Windows dynamic DNS update mechanism
Additional Resources
MILW0RM: Advisory 3544
Windows Web Proxy Autodiscovery flaw
Additional Resources
Microsoft: Advisory 934864
FRsirt: 1115
CNET News.com: Windows weakness can lead to network traffic hijacks
Windows animated cursor attack
Update for Internet Explorer 7
Integer overflow in Microsoft Internet Explorer 6
A vulnerability in Microsoft Internet Explorer 6 running on a fully patched Windows XP SP2 system allows remote attackers to cause a denial of service (crash). The flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method call. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.
Additional resources:
- Microsoft: Advisory 926043
Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability
This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifically, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.
Additional Resources:
- French Security Incident Response Team: ADV-2006-2814
- BrowserFun: #15
- National Institute of Standards and Technology: CVE-2006-3458
Adobe Reader Open Parameters XSS
In a conference paper titled "Subverting Ajax," security researchers Stefano Di Paola and Giorgio Fedon identified multiple cross-site scripting (XSS) vulnerabilities. One flaw in particular, the open parameters vulnerability, is quite easy to execute on vulnerable versions of Adobe Reader. An attack can be carried out by referencing any Web-based PDF file and supplying potentially malicious JavaScript code as an open parameter to that file. For example:
http://www.(domain name).com/file.pdf#whatever_name_you_want=javascript:your_code_here
The researchers contacted Adobe in October with their findings and only recently made their work public. Adobe has since released more
Apple QuickTime rtsp URL handler buffer overflow
A buffer overflow in the real-time streaming protocol (rtsp) URL handler affects both the Windows and Mac versions of Apple QuickTime 7.1.3. The flaw allows remote attackers to execute arbitrary code, which could give them remote access to compromised machines. If a user clicks a very long and specially crafted QuickTime video URL, an attacker could load malicious code onto Microsoft Windows or Apple Mac OS X machines.
At this time, there is no patch available from Apple. Users should avoid clicking URLs that begin with "rtsp://". One workaround within QuickTime is to disable more