Tuesday, March 25, 2014

outlook 0day caused by word

0day M$ word in the wild affecting outlook: http://www.infosecnotes.com/msword-outlook-0day/

As MS word is the default viewer in outlook, simply by viewing the email, without even clicking any attachment... it can compromise the system.

Labels:

posted by omarg at 2:47 PM 0 Comments

Sunday, November 10, 2013

another day... another IE 0-day

posted by omarg at 9:01 PM 0 Comments

Wednesday, November 6, 2013

another day.. another 0-day

MS TIFF vulnerability CVE-2013-3906

http://blogs.technet.com/b/srd/archive/2013/11/05/cve-2013-3906-a-graphics-vulnerability-exploited-through-word-documents.aspx

http://technet.microsoft.com/en-us/security/advisory/2896666

M$ said user action is required... but can we consider turning on computer as user action?

Labels: ,

posted by omarg at 10:21 PM 0 Comments

Friday, January 11, 2013

another 0-day java vulneraiblity





http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html


previously similar java vulnerability:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4681

 

Labels: ,

posted by omarg at 3:05 PM 0 Comments