buffer-overflow vulnerability

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Steps Involved in Exploiting a Buffer Overflow Vulnerability Using a SEH Handler

This paper uses buffer overflow vulnerability in an application to overwrite the SEH handler. This paper will outline all the steps necessary to exploit such vulnerability, from detecting the point of buffer overflow in the application, to writing an exploit. The exploit uses an Activex control (XXXXX.dll) having buffer overflow...

Tags: Buffer-overflow Vulnerability, Buffer-overflow, Viruses And Worms, Security

White papers 2009-03-17

Windows 2000 HyperTerminal Buffer Overflow Vulnerability Patch May 25, 2001 (Windows)

This update resolves the 'HyperTerminal Buffer Overflow' security vulnerability in Windows 2000. If you receive and open an HTML e-mail message that contains a particularly malformed Web address URL, the URL can be used to exploit this vulnerability and run arbitrary code on your computer.

Tags: Buffer-overflow Vulnerability, Microsoft Windows, Microsoft Windows 2000, Operating Systems, Security, Software

Software downloads 2001-06-30

Windows Me HyperTerminal Buffer Overflow Vulnerability May 24, 2001 (Windows)

This patch eliminates a security vulnerability in the HyperTerminal application that ships with several Microsoft operating systems. This vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user's system. The HyperTerminal application is a utility that installs, by default, on all versions of Windows...

Tags: Buffer-overflow Vulnerability, Microsoft Windows 2000, Vulnerability, Microsoft Windows ME, HyperTerminal, HyperTerminal Application, Telnet, Microsoft Windows, Microsoft Windows 98, Operating Systems, Security, Networking, Software

Software downloads 2001-06-30

Additional Resources

Mozilla blocks dangerous MS .NET Firefox add-on

RE: Mozilla blocks dangerous MS .NET Firefox add-onIf it had to be blacklisted or not I really don't care now. Implementing code without end user permission is enough reason. We all know MS ways so I am glad Mozilla people used this way and hope they keep doing it in...

Tags: Web browsers, .NET, Linux Distro, Mozilla Corp., Microsoft Corp., MS .NET Firefox add-on, MS .NET, vunerability, plug-in

Discussion threads 2009-10-19

Microsoft says Google Chrome Frame doubles IE attack surface

Actually, it means that some of the browsing will be much safer by using Chrome. Notice that Microsoft's ONLY arguments here are bogus security arguments. They do not even try to deny that Chrome is much faster and better.RE: Microsoft says Google Chrome Frame doubles IE attack surfaceIf Google Chrome...

Tags: Web browsers, Google Inc., Microsoft Internet Explorer, Chrome, Microsoft Corp., Web browser, plug-in

Discussion threads 2009-09-24

Exploit code sends Mozilla scrambling to fix Firefox

Exploit code sends Mozilla scrambling to fix FirefoxNot intended to be flame-bait butWhere are the howls of outrage that we'd see if this were IE8? RE: Exploit code sends Mozilla scrambling to fix FirefoxYou don't get howls cause it gets fixed too quick! That my friend is the difference. The...

Tags: Web browsers, Mozilla Firefox, Mozilla Corp., exploit code, Novell AppArmor, Web browser

Discussion threads 2009-03-26

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability. We discuss the state of Web browser security, the vulnerability marketplace and...

Tags: Apple Macintosh, Mozilla Firefox, Apple Safari, Vulnerability, Bug, Microsoft Internet Explorer, Google Chrome, Hacker, Exploit, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-19

VMWare issues 'critical' ESXi security advisory

VMware has released new ESXi and ESX 3.5 packages to fix a "critical" security issue that allows a remote, unauthenticated attacker to launch harmful code on the host running the hypervisor. According to this VMWare advisory, the patches fix two remote buffer overflows in the handling of...

Tags: VMware Inc., Authentication, Security, Ryan Naraine

Blog posts 2008-09-19

MS Patch Tuesday: 8 critical security holes patched

Microsoft shipped four high-priority security bulletins today with patches for at least eight code execution vulnerabilities affecting millions of Windows computer users. The September Patch Tuesday updates, all rated "critical," correct security flaws in the Windows Media Player, the Windows Media Encoder, Microsoft Office and the Microsoft...

Tags: Windows Media, Attacker, Microsoft Office, Vulnerability, Microsoft Office OneNote 2003, Microsoft Corp., Windows Media Encoder Bulletin, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Blog posts 2008-09-09

Windows broken ... I'm surprised it took this long

Windows broken ... I'm surprised it took this longBest security is to take computers off the NetFor my computers at home, there is now only one that has firewalled access to the Internet. My kids' computers DO NOT. My media server DOES NOT. The PC with my finance stuff and...

Tags: Microsoft Windows Vista (Longhorn), Operating systems, Web browsers, Microsoft Windows Vista, Microsoft Windows, UAC, administrative right

Discussion threads 2008-08-09

Fortify warns of configuration weaknesses in SOA deployments

Security code review specialists Fortify Software has issued a warning about major configuration weaknesses affecting SOA service oriented architecture deployments from IBM, Microsoft and Apache. According to Fortify, certain configurations of Apache Axis, Apache Axis 2, IBM WebSphere 6.1, Microsoft .NET Web Services Enhancements WSE 2.0 and...

Tags: Apache Software Foundation, SOA, Application Security, Attack, Veracode, Service-Oriented Architecture (SOA), Security, Middleware, Enterprise Software, Web Services, Software, Ryan Naraine

Blog posts 2008-07-29

Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins

Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server A remote...

Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters

Blog posts 2008-07-08

How Snow Leopard can save Mac OS X from malware attacks

Guest Editorial by Dino Dai Zovi As reported by Intego and Matasano Security, a new local privilege escalation vulnerability has been found that gives local root access on Mac OS X Tiger and Leopard. While Intego calls this a critical vulnerability, I'm mostly with...

Tags: Apple Macintosh, Vulnerability, Malware, Attack, Apple Mac OS X, Apple Mac OS, Spyware, Adware & Malware, Desktops, Cyberthreats, Security, Operating Systems, Viruses And Worms, Software, Hardware, Ryan Naraine

Blog posts 2008-06-23

Michael Howard on SQL Injection and my concerns on the most recent attacks

So, in catching up with blogs after vacation, I went and had a peak at Michael Howard's web log, and was glad to see another post from him.  His posts are very insightful I just wish he would post more.  So, way back on May 16th (old news now, but still...

Tags: Web, SQL, SQL Injection, Attack, Michael Howard, SQL Payload, SDL, Programming Languages, Databases, Security, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters

Blog posts 2008-05-29

Gaping holes in Trillian IM client

Trillian users beware:  There are multiple serious security holes in the popular cross-platform IM application. According to alerts issued by TippingPoint's Zero Day Initiative ZDI, the vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Trillian Pro. Trillian users are strongly...

Tags: User Interaction, Vulnerability, Trillian, IM Client, Trillian User, Security, Ryan Naraine

Blog posts 2008-05-22

Microsoft plugs Office leaks; Delivers 4 critical patches

Microsoft plugs Office leaks; Delivers 4 critical patchesAnd... conspicuously absent from the list?Windows Vista - again. More secure? definitely. Runs well? Absolutely? Trouble-free? Not nearly. Better value? Absolutely.Windows Vista - it just works.Good news for Mac users of MS Officehttp://biz.yahoo.com/prnews/080513/aqtu077.html?.v=48VBA is back!LameThat privilege escalation...

Tags: Microsoft Windows Vista (Longhorn), Patches, Operating systems, Microsoft Windows Vista, Microsoft Office, Microsoft Windows, patch management, Microsoft Corp.

Discussion threads 2008-05-13

Microsoft plugs Office leaks; Delivers 4 critical patches

Microsoft on Tuesday delivered four critical patches for vulnerabilities Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...

Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan

Blog posts 2008-05-13

Black Hat Europe, Day 4 (Finally): Early wake-up calls always lead to long days

For those of you who had been reading my Day 1, Day 2/Day 3, and Day 2 revisited stories about Black Hat Europe here on ZDNet, I'm sure you were wondering what happened to Day 4, the second day of conferences.  Well, after a long delay, here it is!  Basically, I got caught up...

Tags: Black Hat, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters

Blog posts 2008-04-07

Microsoft confirms Word attacks

Microsoft has confirmed reports of vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third party applications. Microsoft in its advisory said the potential for attack is "very limited." Reports of...

Tags: Microsoft Corp., Attack, Microsoft Word, Word Processors, Microsoft Windows, Microsoft Office, Security, Office Suites, Software, Operating Systems, Larry Dignan

Blog posts 2008-03-24

ISS%3A+Vulnerability+counts+fall+in+2007%3B+Do+you+buy+it%3F

ISS%3A+Vulnerability+counts+fall+in+2007%3B+Do+you+buy+it%3FVulnerability counts mean nothingA program can have ONE SINGLE bug and be a hell of a lot more vulnerable than 50 programs with 10,000+ bugs each . That single bug could be an open door invitation to your computer via the web, while the 10,000+ bugs could be just...

Tags: PRODUCTIVITY, SECURITY, computer, ISS

Discussion threads 2008-02-05