Security researchers from ACROS Security have identified a binary planting vulnerability in the Java Runtime Environment (JRE) which allows the execution of arbitrary files.Binary planting vulnerabilities stem from the way programs search for files they need to load when no absolute path is given.In such cases, appli... |
11 July 2011
13:43 GMT |
 |
|
Google has released a new version of its Picasa image organizing software in order to address a vulnerability that could be exploited to execute arbitrary code remotely.According to vulnerability research vendor Secunia, which rates it as highly critical, the flaw allows for attacks known as DLL hijacking or binary p... |
25 March 2011
12:31 GMT |
|
|
A security and stability update has been released for Adobe Illustrator CS5, fixing a DLL preloading vulnerability which could be exploited to execute arbitrary code.Also known as DLL hijacking, binary planting or DLL side loading, this type of vulnerability stems from the use of an insecure search path by some libra... |
6 December 2010
11:48 GMT |
|
|
Security giant McAfee is investigating a publicly disclosed DLL preloading vulnerability in version 8.5i of its VirusScan Enterprise (VSE) product, which can lead to remote code execution.McAfee VirusScan Enterprise is the company’s endpoint antivirus product for corporate environments and is currently at versi... |
2 December 2010
08:47 GMT |
|
|
The newly released 3.1.5 and 3.0.9 versions of Mozilla Thunderbird, address a total of eleven vulnerabilities affecting the popular open source email client, including eight that are rated critical.Three memory corruption vulnerabilities (CVE-2010-3176, CVE-2010-3175, CVE-2010-3174) that could potentially be exploite... |
20 October 2010
13:49 GMT |
|
|
Mozilla has released Firefox 3.6.11 and Firefox 3.5.14 in order to address multiple vulnerabilities, many of which are several rated critical.A total of nine security advisories were published. Five have a critical impact, two high, one moderate and one low.One advisory (MFSA 2010-71) covers two unsafe library loadin... |
20 October 2010
04:08 GMT |
|
|
The VideoLAN Project has released version 1.1.4 of its popular VLC media player application, which addresses a DLL preloading vulnerability allowing for arbitrary code execution.DLL preloading or binary planting is a recently disclosed type of vulnerability which stems from the use of an insecure search path in libra... |
27 September 2010
11:03 GMT |
|
|
Security researchers have disclosed yet another propagation routine used by the infamous Stuxnet worm, which is very similar to the binary planting techniques disclosed recently.New revelations keep on coming in the case of the Stuxnet worm, already considered by most experts the most sophisticated piece of malware t... |
27 September 2010
04:03 GMT |
|
|
QuickTime 7.6.8 for Windows has been released to address two critical arbitrary code execution vulnerabilities, one of which was being actively exploited in the wild.The first vulnerability, identified as CVE-2010-1818, is located in the QuickTime ActiveX control and can be leveraged to execute arbitrary code by tric... |
16 September 2010
06:31 GMT |
|
|
Security researchers revealed that EXE files are vulnerable to the same type of remote binary planting attacks, which can be used to load rogue DLLs.According to Microsoft, binary planting or DLL hijacking bugs are the result of insecure programming practices and occur when applications try to load external libraries... |
11 September 2010
09:10 GMT |
|
|
Apple has released security updates for its Safari Web browser in order to address three vulnerabilities that could result in arbitrary code execution.The new Safari 5.0.2 was released for both Windows and Mac OS X, while the 4.1.2 update is only available to Mac Tiger users.One of the resolved issues, identified as ... |
8 September 2010
04:41 GMT |
|
|
Mozilla has released version 3.6.9 of its popular Firefox Web browser in order to address numerous security issues, many of which are rated as critical. In total, ten of the security advisories bear the critical impact key, but the actual number of patched vulnerabilities is higher since one of them covers "several ... |
8 September 2010
03:38 GMT |
|
|
A new Security Advisory released by Microsoft is designed to help customers fend off eventual DLL preloading attacks. However, Microsoft Security Advisory 2269637 is in no way designed to address vulnerabilities in the Redmond company’s products.The software giant explained that the advisory is simply a respon... |
24 August 2010
09:52 GMT |
|
|
Find us on Google+
