|
| ||||||||
Subscribe through Feedburner           ArchivesRecent Comments
|
 |
I try to grab extremely critical vulnerabilities as they occur. Most of the other ones tend to be very anti climactic. The latest one is a nasty little exploit using Office’s snapshot viewer. In essence, this exploit allows a malicious user to download an arbitrary file to a location of their choosing on your machine. This is done within the security context of the current user. Obviously, this is a bad thing because most Win users tend to make themselves administrators. And, this exploit can be executed just by visiting a website. The Internet Explorer activeX plug-in, provided by snapview.ocx, contains this vulnerability. You may have this plug-in even if you don’t have office installed. Currently there is no solution to this issue other than disabling ActiveX. Source: US-Cert 837785 Related Posts:Microsoft Word Unspecified Vulnerability I love that title. Talk about vague. It seems things are hush hush. But the gist of... Excel Remote Code Execution Zero Day A zero day vulnerability is like a candy shop for hackers. It allows them a proven vulnerability with no remedy. ... Microsoft Excel Repair Mode Vulnerability And yet again, Secunia has issued an extremely critical security warning. This time it involves a memory corruption issue... Microsoft Word Memory Vulnerability Well, sometimes it seems that yours truly and super collegiate wonder boy (ie, billy) are joined at the medulla oblongata. ... Zero Day Word Code Execution Vulnerability Secunia is reporting a zero day remote exploit within Microsoft Word. They seemed to have uncovered the exploit while... Comments |
 |
| ||||
