VUPEN Security - Security Blog 24x7

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

VUPEN Security - Security Threats Watch 24x7

Apple Safari Update Fixes Critical Vulnerabilities

A security update is available for Apple Safari on Mac OS X and Windows to address various vulnerabilities.

One of the fixed vulnerabilities was discovered by VUPEN and reported to Apple three months ago. This flaw is caused by an integer overflow error in ColorSync when processing certain images with an embedded color profile.

We recommend updating your Safari browser to version 4.0.5 as soon as possible.

Published : 2010-03-12 10:19:09 UTC

Microsoft IE 0-Day and Patches for Excel and Windows

Microsoft released two security advisories and addressed eight vulnerabilities affecting Microsoft Office Excel and Windows Movie Maker.

These issues could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document or a MS Windows Movie Maker project file (.MSWMM).

One of the fixed vulnerabilities in Excel was discovered by VUPEN and reported to the vendor eight months ago.

Microsoft has also published a security advisory related to a zero-day vulnerability affecting Internet Explorer 7 and 6. This unpatched issue is being exploited in targeted attacks.

Our in-depth binary analysis of the vulnerabilities and exploits/PoCs are available through the VUPEN Binary Analysis and Exploits Service.

Users and administrators are urged to apply patches as soon as possible and to set Internet and Local intranet security zone settings in IE to "High" to block ActiveX Controls and Active Scripting.

Published : 2010-03-09 15:44:09 UTC - Updated : 2010-03-09 20:51:36 UTC

VUPEN Security Research - Unpatched Vulnerabilities

VUPEN Vulnerability Research Team is one of the most active security teams in the world. Additionally to analyzing and reversing freshly patched or publicly disclosed flaws, VUPEN team is dedicated to finding new and unpatched security vulnerabilities in prominent and widely deployed software, helping major vendors to eliminate security vulnerabilities in their products.

In 2009, VUPEN discovered and reported 40 vulnerabilities in products from Adobe, Microsoft, Novell, Sun, Apple, Oracle, and others.

In 2010, the number of vulnerabilities being discovered and reported by VUPEN is going up. Since January 2010, VUPEN has already discovered 30 unpatched vulnerabilities.

VUPEN follows a responsible disclosure policy and reports all discovered vulnerabilities to the affected vendor and works with them to create a timetable pursuant to which the vulnerability information may be publicly released.

As of today, a total of 50 vulnerabilities reported to Apple, Adobe, Microsoft, Sun, and Oracle, remain unpatched.

Published : 2010-02-24 14:11:52 UTC - Updated : 2010-02-27 19:53:05 UTC

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-19

CA ARCserve Backup JRE Code Execution and Security Bypass Issues

>> 2010-03-19

Debian Security Update Fixes PHP XML-RPC Denial of Service Issue

>> 2010-03-19

Ubuntu Security Update Fixes Thunderbird Multiple Vulnerabilities

>> 2010-03-18

IBM DB2 Content Manager Web Services Single Sign-on Vulnerability

>> 2010-03-18

Transmission "tr_magnetParse()" Magnet Buffer Overflow Vulnerability

More Informations