Category: Security Advisories
01/15/10
IE 0-day Used in Attack on Google and Other Companies
Details about the targeted attack on Google (and 34 other firms) now include the use of an IE 0-day (CVE-2010-0249) in addition to known Acrobat vulnerabilities. Microsoft has released a related advisory and public exploit code is now available. This exp… more »
01/12/10
Multiple BSD Distributions dtoa.c (pdtoa.c) and 'gdtoa/misc.c' Memory Corruption Vulnerability
Several sources including SecurityFocus and SANS ISC are reporting BSD based distributions and other software, including Mac OSX 10.5 and 10.6, are vulnerable to CVE-2009-0689. The vulnerability is reportedly remotely and locally exploitable and because… more »
09/15/09
Compromised nGinx Servers Used to Distribute Malware
As discussed in previous blog entries, nGinx is a favorite web server for malware authors including Conficker and Storm. H-Online is reporting that nGinx servers have been compromised and used along with a dynamic DNS service to distribute malware.
T… more »
09/03/09
IIS 5.0/6.0 0-Day
A remote zero-day for IIS 5.0 and 6.0 FTP servers has been posted to Milw0rm.com. 6.0 servers are reported to be affected if stack cookie protection has been enabled.
The current version is reported to work in Windows 2000 SP4, although other Windows… more »
07/15/09
FireFox 3.5 and IE 0days Exploited In the Wild
It's been an interesting couple of weeks and Blackhat/DefCon are still a little under two weeks away. First, Milw0rm.com shut down, then Milw0rm.com was brought back by str0ke. Now Milw0rm.com is hosting new 0day exploit code for both major web browse… more »
XML Feeds