Apple Safari Update Fixes Critical Vulnerabilities
A security update is available for Apple Safari on Mac OS X and Windows to address various vulnerabilities.
One of the fixed vulnerabilities was discovered by VUPEN and reported to Apple three months ago. This flaw is caused by an integer overflow error in ColorSync when processing certain images with an embedded color profile.
We recommend updating your Safari browser to version 4.0.5 as soon as possible.
Published : 2010-03-12 10:19:09 UTC
Microsoft IE 0-Day and Patches for Excel and Windows
Microsoft released two security advisories and addressed eight vulnerabilities affecting Microsoft Office Excel and Windows Movie Maker.
These issues could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document or an MS Windows Movie Maker project file (.MSWMM).
One of the fixed vulnerabilities in Excel was discovered by VUPEN and reported to the vendor eight months ago.
Microsoft has also published a security advisory related to a zero-day vulnerability affecting Internet Explorer 7 and 6. This unpatched issue is being exploited in targeted attacks.
Our in-depth binary analysis of the vulnerabilities, together with exploits/PoCs, is available through the VUPEN Binary Analysis and Exploits Service.
Users and administrators are urged to apply patches as soon as possible and to set Internet and Local intranet security zone settings in IE to "High" to block ActiveX Controls and Active Scripting.
Published : 2010-03-09 15:44:09 UTC - Updated : 2010-03-09 20:51:36 UTC
VUPEN Security Research - Unpatched Vulnerabilities
VUPEN Vulnerability Research Team is one of the most active security teams in the world. In addition to analyzing and reversing freshly patched or publicly disclosed flaws, the VUPEN team is dedicated to finding new and unpatched security vulnerabilities in prominent and widely deployed software, helping major vendors eliminate security vulnerabilities in their products.
In 2009, VUPEN discovered and reported 40 vulnerabilities in products from Adobe, Microsoft, Novell, Sun, Apple, Oracle, and others.
In 2010, the number of vulnerabilities being discovered and reported by VUPEN is going up. Since January 2010, VUPEN has already discovered 30 unpatched vulnerabilities.
VUPEN follows a responsible disclosure policy: it reports all discovered vulnerabilities to the affected vendor and works with that vendor to create a timetable under which the vulnerability information may be publicly released.
As of today, a total of 50 vulnerabilities reported to Apple, Adobe, Microsoft, Sun, and Oracle remain unpatched.
Published : 2010-02-24 14:11:52 UTC - Updated : 2010-02-27 19:53:05 UTC