Saturday, March 24, 2012

CPE: McAfee AudioParasitic: Episode 18: MS patches

length:  00:19:34

joined by Craig Schmugar

MS07-055: Kodak image Viewer – remote exec
No public info so far
Drive by capability

MS07-056 Outlook express
Malformed NNTP – event using full outlook there is a risk…

MS07-060 Word Could Allow Remote Code Execution

Bunch of IE vulnerabilities – allow crafted UR that is more difficult for users to detect.. one of them was public knowledge.

Apparently the MS word one is publicly exploited, however McAfee have not seen any sample yt – it is believe that this vulnerability has been used for targeted attack.

Many of M$ word vulnerabilities are use in VERY targeted attacks.

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home