
VUPEN Security News & Threats Watch

 
Latest Security Updates and Disclosed Vulnerabilities

Microsoft has released 12 bulletins and addressed 22 vulnerabilities affecting: Internet Explorer, Windows, IIS, Active Directory and Visio.

Some of the patched flaws were publicly disclosed a few weeks ago: IIS Overflow, Internet Explorer CSS Import, Windows Graphics, and Windows Kernel EoP.

Adobe has also released security updates for Acrobat and Reader, Flash Player, and Shockwave to fix multiple code execution vulnerabilities.

Applying Microsoft and Adobe updates as soon as possible is highly recommended.

Other critical and unpatched vulnerabilities affecting Microsoft, HP, IBM and CA products have been publicly disclosed by ZDI.

Published : 2011-02-08 21:04:41 UTC

 
An Unpatched Vulnerability Affects Microsoft Windows

Microsoft has acknowledged a critical and unpatched vulnerability affecting Windows XP, 2003, Vista, and 2008. Microsoft Windows 7 and Windows Server 2008 R2 are not affected.

It is caused by a stack overflow error in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module when parsing a malformed thumbnail image, and could be exploited to compromise a vulnerable system via a malicious Office document or a network share.

The vulnerability was publicly disclosed two weeks ago at the POC 2010 conference in Seoul, South Korea.

Update : Microsoft has released the MS11-006 security update to fix this vulnerability.

Published : 2011-01-04 20:23:42 UTC - Updated : 2011-02-08 21:04:41 UTC

 
A Critical and Unpatched Internet Explorer Vulnerability Disclosed

A critical and unpatched vulnerability affecting Microsoft Internet Explorer was publicly disclosed.

The original, publicly available proof-of-concept allows an attacker to crash an affected browser but does not allow code execution. However, VUPEN has confirmed that the vulnerability can be exploited to remotely compromise an affected system via a crafted web page.

The vulnerability is caused by a use-after-free error within the "mshtml.dll" library when processing a web page referencing a specially crafted CSS (Cascading Style Sheets) file.

The vulnerability was confirmed with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3, and with Internet Explorer 7 and 6 on Windows XP SP3.

Update : Microsoft has released the MS11-003 security update to fix this vulnerability.

Published : 2010-12-09 16:18:26 UTC - Updated : 2011-02-08 21:04:41 UTC

 

Monthly Statistics 

 

VUPEN Security Advisories By Criticality: Feb 2011

Critical Risk: 22%
High Risk: 3%
Moderate Risk: 42%
Low Risk: 33%


 

 


© 2004-2011 VUPEN Security - Copyright - Privacy Policy