zero-day bug

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Exploit published for critical IE 7 zero-day flaw

The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7. by Ryan Naraine

Tags: Microsoft Internet Explorer 7, Malware, Microsoft Internet Explorer, Zero-day Bug, Web Browsers, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Internet, Ryan Naraine

Blog posts 2009-11-23

Zero-day flaw found in web encryption

Bad oneBecause the bug is actually in the spec and because of an incomplete spec there is no obvious solution which will not risk breaking a lot of software.On the positive side, the vuln can only be exploited by someone on the network path (it is a man-in-the-middle attack), which...

Tags: NETWORKING, SECURITY, Web, zero-day bug

Discussion threads 2009-11-05

Zero-day flaw found in web encryption

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt web pages, has been made public. Security researchers Marsh Ray and Steve Dispensa unveiled the TLS Transport Layer Security flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its...

Tags: Web, Flaw, TLS, SSL, Zero-day Bug, Ssl/Tls, Network Security, Channel Management, Networking, Marketing, zero day, security, encryption, Tom Espiner ZDNet UK

News items 2009-11-05

Microsoft confirms IIS zero-day flaw; Exploit code published

Can I summarize?First you need to not only install IIS, you also need to install the FTP functionality in IIS. Got it.[i]Also, remember that only servers that allow untrusted users to log on and create arbitrary directories are vulnerable.[/i]Then you have to configure your FTP server to allow anyone to...

Tags: SECURITY, zero-day bug, Microsoft Corp., Microsoft IIS Server, exploit code

Discussion threads 2009-09-01

Microsoft confirms IIS zero-day flaw; Exploit code published

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the FTP Service in Microsoft Internet Information Services IIS 5.0, 5.1, and 6.0. by Ryan Naraine

Tags: Exploit Code, Microsoft Corp., Zero-day Bug, Microsoft IIS Server, Ryan Naraine

Blog posts 2009-09-01

Adobe Flash zero-day attack underway; Harden PDF Reader immediately

Adobe Flash zero-day attack underway; Harden PDF Reader immediatelyI can't afford this crap....Honestly considering ripping out all "free" Adobe software from all my networks until Adobe decides that they wanna play like a big boy in the enterprise.Applying Adobe patches is slow, manual and EXPENSIVE.RE: Adobe Flash zero-day attack underway;...

Tags: Adobe Systems Inc., Adobe Flash zero-day attack underway, Adobe Flash zero-day attack, underway, Adobe Flash, zero-day bug

Discussion threads 2009-07-22

Adobe Flash zero-day attack underway; Harden PDF Reader immediately

Malicious hackers have found a new vulnerability in Adobe's ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users.  Adobe has acknowledged a "potential...

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Adobe Acrobat Reader, Exploit, Zero-day Bug, Security, Ryan Naraine

Blog posts 2009-07-22

Attack code posted for unpatched Firefox 3.5 flaw

Attack code posted for unpatched Firefox 3.5 flawA more effective mitigationThe US-CERT vulnerability note has a better mitigation:http://www.kb.cert.org/vuls/id/443060Essentially, go to about:config and set javascript.options.jit.content to "false"Not going to workThat is the main reason why the Javascript engine is so fast in Firefox 3.5. Turning it off totally NEGATES the upgrade...

Tags: Web browsers, Firefox 3.5, Mozilla Firefox

Discussion threads 2009-07-14

ImageShack hacked by anti-full disclosure movement

During the weekend, ImageShack, among the Web's top ten most popular free image hosting services got compromised, with the millions of images hosted on it redirected to a single one explaining why it was hacked. The anti-sec group responsible for the compromise describes itself as a "movement...

Tags: Web, Malware, Exploit, Zero-day Bug, Spyware, Adware & Malware, Channel Management, Cyberthreats, Security, Viruses And Worms, Marketing, Dancho Danchev

Blog posts 2009-07-13

IE users beware: Zero-day attacks hit Microsoft Video ActiveX Control

IE users beware: Zero-day attacks hit Microsoft Video ActiveX ControlZero day attacksAgain and again and again. Will Windows ever be secure? In this case apparently just moving over to Firefox would help, but that was not recommended in the article.How soon before the fake Fix-It websites spring up?MS...

Tags: Web browsers, ActiveX/COM/COM+/DCOM, Microsoft Windows Vista (Longhorn), Operating systems, Microsoft Corp., ActiveX Control, Microsoft Video, Microsoft Internet Explorer, Microsoft Windows Vista, Microsoft Windows, zero-day bug, Microsoft Video ActiveX Control, Mozi

Discussion threads 2009-07-06

IE users beware: Zero-day attacks hit Microsoft Video ActiveX Control

Malicious hackers are launching code execution exploits against new, unpatched vulnerability in the Microsoft Video ActiveX Control, the company warned in an advisory. The attacks are currently targeting users of Microsoft's Internet Explorer browser.  "An attacker who successfully exploited this vulnerability could gain the same user rights...

Tags: ActiveX Control, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, ActiveX/COM/COM+/DCOM, Web Browsers, Software Development, Software/Web Development, Internet, Ryan Naraine

Blog posts 2009-07-06

IE zero-day attack surface expands

The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Microsoft's Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2. Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE...

Tags: Security, Microsoft Internet Explorer, Web Browser, Zero-day Bug, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-12-12

On Opera patch day, a new zero-day flaw

On Opera patch day, a new zero-day flawOpera flawExcept for an occasional site that is hard-coded to use IE, Opera has been a much more pleasant experience. IE used to crash several times a week. Firefox in their wisdom does not provide any way to convert the bookmarks, and I...

Tags: Opera Software ASA, zero-day bug

Discussion threads 2008-10-23

On Opera patch day, a new zero-day flaw

On the same day Opera shipped a browser update with patches for three separate security vulnerabilities, hackers are openly discussion a new zero-day flaw that exposes Windows users to remote code execution attacks. With Opera 9.61, the Norwegian browser maker corrects an issue where History Search could...

Tags: Execution Attack, Internet, Opera Software ASA, Ryan Naraine, Web Browser, Web Browsers, Zero-day Bug

Blog posts 2008-10-22

Oracle ships emergency workaround for zero-day flaw

Oracle ships emergency workaround for zero-day flawDoes anybody know?Where the exploit runs? On the Apache web tier where mod_wl sits OR on the app server WebLogic tier? Does mod_wl just package up the exploit and let WL run it? Or does this just allow for RCE with...

Tags: Application servers, Middleware, emergency workaround, zero-day bug, Oracle Corp., exploit, Apache Software Foundation

Discussion threads 2008-07-30

Oracle ships emergency workaround for zero-day flaw

For the first time since the introduction of its quarterly Critical Patch Update process in 2005, Oracle has released an emergency alert to offer mitigation for a zero-day vulnerability that's been published on the Internet. The emergency workaround, available here, addresses an unpatched vulnerability that's remotely exploitable...

Tags: Oracle Corp., Vulnerability, Zero-day Bug, Security, Ryan Naraine

Blog posts 2008-07-28

Zero-day flaw haunts Internet Explorer

Zero-day flaw haunts Internet ExplorerJelloWow, Ryan, that really tells me a lot. What does this vulnerability do? Change my hard drive into Jello?While the information is appreciatedit would have been nice if the headline had included that little number 6. It makes a huge difference.this flaw haunts only OLD Internet...

Tags: Web browsers, Manuel Caballero, Microsoft Internet Explorer, zero-day bug, Mozilla Firefox, vulnerability

Discussion threads 2008-06-26

Zero-day flaw haunts Internet Explorer

An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers. The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:...

Tags: Microsoft Internet Explorer, Zero-day Bug, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-06-26

IT Analysis - From Zero Day Exploit to Zero Day Fix

To compete in today's electronic world, organisations rely on software applications, some off-the-shelf, others customised for them, and still more that they develop or modify themselves. Most large enterprises have thousands of software applications in use, many of which are web-enabled. Because web-enabled applications are external facing they need to...

Tags: Quocirca, Software, Information Technology, Zero-day Bug, Tools & Techniques, Channel Management, Management, Marketing

White papers 2008-06-22

Metasploit Project's site hijacked through ARP poisoning

Metasploit, the open-source platform for developing, testing, and using exploit code, got its official project site briefly hijacked on Monday by a well known member of the Chinese underground who left the following message offering a new zero day exploit for sale - "hacked by sunwear! just for fun! ring04h...

Tags: Zero-day Bug, ARP, Internet Service Providers (ISPs), Networking, Internet, Dancho Danchev

Blog posts 2008-06-03