Archive for October 2007

Attacks exploiting RealPlayer zero-day in progress

Posted by: agent0x0

Yet another example of vulnerabilities in client software (i.e., drive-by downloads), which is a huge attack vector. I can't remember when the last remotely exploitable vulnerability was. As usual, IE ActiveX is to blame (when running RealPlayer 10.5 or 11 beta). Below is an article about the vulnerability:

Attacks exploiting RealPlayer zero-day in progress

Security Focus BID here.

Patch located here.

If you haven't already, as a reminder: stop using IE and use Firefox or another non-ActiveX browser. You may also want to disable ActiveX even if you don't use IE on your Windows PC, to mitigate the potential risk of future exploits.

Automate the workaround for the critical Adobe Security Vulnerability

Posted by: agent0x0

If you haven't heard, there is a critical security vulnerability that affects Adobe Acrobat and Adobe Reader, versions 8.1 and below.
See Adobe Security Advisory APSA07-04 and CVE-2007-5020.

According to the Adobe Security Advisory, your machine is vulnerable if you have:

* Adobe Reader 8.1 and earlier OR Adobe Acrobat 8.1 and earlier
* Windows XP
* Internet Explorer 7

Javacool Software has a nice little tool that implements the workaround mentioned in the Adobe security advisory here.