Posts Tagged ‘Zero-day vulnerability’

Internet Explorer vulnerabilitiesMicrosoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects. (more…)

Hacking Team hackedHacking news 2015: The Hacking Team Hacking – Latest news

Recall, July 5, unknown hackers have broken into the computer network of the company and abducted more than 400 GB of corporate data.

Stolen information includes corporate documents, source code, and even, as it became known, a few exploits for zero-day vulnerability in Adobe Flash. Also, hackers managed to hack the official Hacking Team account in Twitter.

Hacking Team’s CEO David Vincenzetti issued a new statement promising that the company plans to deliver the recovered version of Galileo Remote Control System (Galileo, is the advanced and sophisticated spyware tool) and internal infrastructure to replace products that have been compromised in the cyber attacks. (more…)

samsung find my mobileZero-day vulnerability in Samsung’s Find My Mobile service allows you to remotely lock the user smartphone.

If an attacker exploits the zero-day vulnerability in Samsung’s ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.

Vulnerability affects all smartphones Samsung, what support the web service Find My Phone. (more…)

dangerous flaw in windowsCritical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

Vulnerability in Microsoft OLE Could Allow Remote Code Execution and affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue. (more…)

SandwormZero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team, which they’ve dubbed Sandworm, likely has been active since 2009. (The sandworm is a fictional form of desert-dwelling creature from the Dune universe created by Frank Herbert – From Wikipedia, the free encyclopedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114. (more…)

Trend MicroTrend Micro released a report on cyber threats in the I quarter of 2013

Trend Micro released a report Q1 2013 Security Roundup Report, dedicated to cyber threats in the first quarter of 2013, the main topics of research are proliferating attacks using vulnerabilities “zero day” and the recent targeted attack on the people of South Korea. Results of the study indicate that the vulnerability of “zero day” threats remain relevant and hackers are becoming more sophisticated, intense and dangerous. (more…)

Adobe Logo

Vulnerabilities in Adobe Reader

The flaw allows a potential attacker to remotely execute arbitrary code.

Zero day vulnerability was discovered in the popular software Adobe Reader, allows you to execute arbitrary code on the target system. This in his report the researchers reported FireEye, who happened to encounter with an infected PDF-document capable of compromising computers based on Windows.

When trying to open a malicious file, is running two dll-libraries, one of which is designed to conceal the fact of infection. It gives the user an error message while working on a document. Second library contains a component that provides for the connection to the remote server attacks.

According to FireEye, vulnerable to this attack were such versions of Adobe Reader, as 9.5.3, 10.1.5 and 11.0.1. Older versions may also be exposed to the threat. Currently, researchers have already submitted details of the detected flaws developers. (more…)

Adobe FlashUsers are advised to install security updates as soon as possible.

Yesterday, Adobe released an emergency update Flash Player, which addresses two zero-day vulnerabilities.

The manufacturer has confirmed that the underlying vulnerability used in the implementation of targeted attacks using the documents in Microsoft Word. These documents are distributed by spam mailings, when opened on the victim’s system runs the malicious SWF-content. One of the vulnerabilities in the ActiveX-focused version of Flash Player for Windows.

Adobe thanked experts from Kaspersky Lab Sergey Golovanov and Alexander Polyakov for the detection of one of the vulnerabilities. (more…)

Java DangerDevelopers Blackhole and Nuclear Pack said that the exploit is a ‘New Year present’ for their clients.

Hackers who are the authors of such sets exploits as Blackhole and Nuclear Pack, claim that they had added a new exploit, an attacker previously unknown and is not currently vulnerability in Java.

Thus, on 9 January, the developer Blackhole – hacker disguised under the pseudonym ‘Paunch’ – said on several underground forums that a zero-day vulnerability in Java is a ‘New Year gift’ to those who use it with a set of exploits. Soon, similar reports were received from the developers and distributors of Nuclear Pack. (more…)

internet explorer logoVulnerability: Arbitrary code execution in Microsoft Internet Explorer

Severity Rating: Critical
Patch: None

CVE ID: CVE-2012-4792
Vector of operation: Remote
Impact: System Compromise
CWE ID: CWE-119: An error occurred in the buffer
Exploited by active exploitation of the vulnerability
Affected Products: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x

Affected versions: Microsoft Internet Explorer version 6.x, 7.x, 8.x


The vulnerability allows a remote user to execute arbitrary code on the target system.

An error after release of the processing facility ‘CDwnBindInfo’. This can be exploited via a specially crafted Web-page call dereference already freed object and execute arbitrary code on the target system. (more…)