buffer-overrun vulnerability

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Visual FoxPro 8.0 GDI+ Runtime Library Update 1 (Windows)

Visual FoxPro 8.0 GDI+ Runtime Library Update is a security update requires a released version of Visual FoxPro 8.0. Developers who have distributed custom Visual FoxPro 8.0 runtime applications that include a copy of the vulnerable gdiplus.dll file should evaluate the need to deploy the security update for the Microsoft...

Tags: Buffer-overrun, Microsoft Windows, Microsoft Corp., Security Update, Buffer-overrun Vulnerability, Security Administration, Patches, Security

Software downloads 2007-09-04

Microsoft Windows NT 4.0.8618.0 (Windows)

Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however,...

Tags: Microsoft Windows NT, Vulnerability, Microsoft Corp., Security Update, Buffer-overrun Vulnerability, Microsoft Windows, Security Administration, Microsoft Windows XP, Patches, Operating Systems, Security, Software

Software downloads 2004-05-11

Additional Resources

Mozilla blocks dangerous MS .NET Firefox add-on

RE: Mozilla blocks dangerous MS .NET Firefox add-onIf it had to be blacklisted or not I really don't care now. Implementing code without end user permission is enough reason. We all know MS ways so I am glad Mozilla people used this way and hope they keep doing it in...

Tags: Web browsers, .NET, Linux Distro, Mozilla Corp., Microsoft Corp., MS .NET Firefox add-on, MS .NET, vunerability, plug-in

Discussion threads 2009-10-19

Microsoft says Google Chrome Frame doubles IE attack surface

Actually, it means that some of the browsing will be much safer by using Chrome. Notice that Microsoft's ONLY arguments here are bogus security arguments. They do not even try to deny that Chrome is much faster and better.RE: Microsoft says Google Chrome Frame doubles IE attack surfaceIf Google Chrome...

Tags: Web browsers, Google Inc., Microsoft Internet Explorer, Chrome, Microsoft Corp., Web browser, plug-in

Discussion threads 2009-09-24

Microsoft confirms IIS zero-day flaw; Exploit code published

Can I summarize?First you need to not only install IIS, you also need to install the FTP functionality in IIS. Got it.[i]Also, remember that only servers that allow untrusted users to log on and create arbitrary directories are vulnerable.[/i]Then you have to configure your FTP server to allow anyone to...

Tags: SECURITY, zero-day bug, Microsoft Corp., Microsoft IIS Server, exploit code

Discussion threads 2009-09-01

Apple eliminates CanSecWest Pwn2Own flaws

Here's a little ditty that was almost lost in the sheer volume of this week's Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year's CanSecWest Pwn2Own hacking contest. The two flaws were used by Charlie Miller and a German...

Tags: Apple Safari, Flaw, Vulnerability, Apple Inc., Hacker, Hacking, Security, Ryan Naraine

Blog posts 2009-05-14

PC 'security as a service' gains global cloud footprint with free Panda anti-virus offering

PC 'security as a service' gains global cloud footprint with free Panda anti-virus offeringWhy then 2 years running has OS X fallen in pwn2ownTwo years in a row OS X fell first and fell quickly. In the first contest, Windows fell due to 3rd party apps not to an...

Tags: Apple Mac OS X, Microsoft Windows, Operating systems, Viruses and worms, cloud footprint, global cloud footprint, Panda Anti-virus, security, PC

Discussion threads 2009-04-29

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability. We discuss the state of Web browser security, the vulnerability marketplace and...

Tags: Apple Macintosh, Mozilla Firefox, Apple Safari, Vulnerability, Bug, Microsoft Internet Explorer, Google Chrome, Hacker, Exploit, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-19

Steps Involved in Exploiting a Buffer Overflow Vulnerability Using a SEH Handler

This paper uses buffer overflow vulnerability in an application to overwrite the SEH handler. This paper will outline all the steps necessary to exploit such vulnerability, from detecting the point of buffer overflow in the application, to writing an exploit. The exploit uses an Activex control (XXXXX.dll) having buffer overflow...

Tags: Buffer-overflow Vulnerability, Buffer-overflow, Viruses And Worms, Security

White papers 2009-03-17

Apple Patch Day: Gaping Mac OS X, Safari vulnerabilities

Apple Patch Day: Gaping Mac OS X, Safari vulnerabilitiesAnyone still believe that Apple doesn't have a patch day?48 vulnerabilities fixed in one release. Hmm, either the developers happen to have finished 48 patches [b]all on the same day[/b] or Apple bundles patches together and releases them [b]some time after the...

Tags: Patches, SECURITY, Operating systems, Apple Mac OS, Apple Safari, Apple Mac OS X, Apple Macintosh, Apple Inc., patch management, vulnerability

Discussion threads 2009-02-12

Majority of vulnerabilities go unpatched, IBM

Majority of vulnerabilities go unpatched, IBMThere you have it, Apple OS X is the worst OSby a *wide* margin when it comes to vulnerabilities and security.Many people will not believe this, even though it has been clear for a long time (hint: try finding Vista, OS X and Ubuntu on...

Tags: SECURITY, Operating systems, IBM Corp., vulnerability, operating system, Linux, Microsoft Windows Vista

Discussion threads 2009-02-03

Real plugs critical holes in Helix Server

RealNetworks has shipped a new version of its Helix Server to plug at least four vulnerabilities that introduce code execution and denial-of-service risks. The flaws affect Helix Server Version 11.x, Helix Server Version 12.x, Helix Mobile Server Version 11.x and  Helix Mobile Server Version 12.x.  Three...

Tags: User Interaction, Vulnerability, RealNetworks Inc., Authentication, Security, Ryan Naraine

Blog posts 2009-01-02

Firefox tops list of 12 most vulnerable apps

Mozilla's flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform. According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008.  These flaws exposed...

Tags: Mozilla Firefox, Attacker, Vulnerability, JRE, Arbitrary Code Execution, Buffer-overflow, Security, Viruses And Worms, Ryan Naraine

Blog posts 2008-12-15

Firefox security makeover: 11 vulnerabilities, 4 critical

 Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks. Four of the 11 flaws covered with the new Firefox 3.0.4 are rated "critical" because of the risk...

Tags: Mozilla Firefox, Vulnerability, JavaScript, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-11-12

Rigged PDFs exploiting just-patched Adobe Reader flaw

Just three days after Adobe shipped a patch with fixes for a critical Adobe Reader vulnerability, hackers are using booby-trapped PDF files to fire exploits against Windows users. [ SEE: Heads up: Patch your Adobe Reader now ] The in-the-wild attacks, first spotted by...

Tags: Adobe Systems Inc., Adobe PDF, Flaw, Adobe Acrobat Reader, Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Blog posts 2008-11-07

Remote buffer overflow bug bites Linux Kernel

Remote buffer overflow bug bites Linux KernelSo it ISN'T a kernel bugit's a kernel DRIVER bug. That's akin to a bad video driver in Windows.This is not a Linux problem, it's an NDISWRAPPER problem.You should correct the first line of this article, which reads: "A remote buffer overflow vulnerability...

Tags: OPEN SOURCE, UNIX, Operating systems, LOL!!, Linux, Linux kernel, buffer-overflow bug, buffer-overflow

Discussion threads 2008-11-05

Remote buffer overflow bug bites Linux Kernel

A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public. The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges.  This could lead...

Tags: Linux Kernel, Buffer-overflow, Wireless Network, Linux, Wi-Fi, Wireless, Security, Open Source, Operating Systems, Software, Ryan Naraine

Blog posts 2008-11-05

Heads up: Patch your Adobe Reader now

See important update below for information on patching this vulnerability. Heads up for Windows users: There's a critical, remotely exploitable vulnerability in Adobe Acrobat/Reader version 8. According to an advisory from Core Security, Adobe Reader suffers from a stack buffer overflow when parsing...

Tags: Adobe Systems Inc., Adobe Acrobat, Vulnerability, JavaScript, Adobe Acrobat Reader, Product Update, Security, Ryan Naraine

Blog posts 2008-11-04

VMWare issues 'critical' ESXi security advisory

VMware has released new ESXi and ESX 3.5 packages to fix a "critical" security issue that allows a remote, unauthenticated attacker to launch harmful code on the host running the hypervisor. According to this VMWare advisory, the patches fix two remote buffer overflows in the handling of...

Tags: VMware Inc., Authentication, Security, Ryan Naraine

Blog posts 2008-09-19

Google patches 'critical' Chrome code execution flaws

The first security patch for Google's new Chrome browser is out, fixing at least two "critical" vulnerabilities that put Windows users at risk of code execution attacks. [ SEE: Google Chrome vulnerable to carpet-bombing flaw ] The patch, which is rolled out automatically via...

Tags: Google Inc., Risk, Vulnerability, Patch Management, Web Browser, Flaw, Security, Strategy, Management, Ryan Naraine

Blog posts 2008-09-08