Security Corner:

Remote Code Execution

October 19, 2009  11:54 PM

Mozilla Disables Insecure Microsoft Firefox Add-on



Posted by: Ken Harthun
Browsers, insecure, Microsoft, Remote Code Execution, Security, Vulnerabilities

When I fired up my laptop the other day, I was greeted with this pop-up box:

September 8, 2009  11:37 PM

Patch Tuesday – Microsoft Fixes Eight Security Flaws



Posted by: Ken Harthun
Critical update, insecure, Microsoft Windows, Networking, Patch management, Patch Tuesday, Remote Code Execution, Security, Security bulletin, Vulnerabilities, Wireless security

All of them are critical, but not a single one of them affects Windows 7, scheduled for release on October 22.

The most dangerous flaw covered by this month’s batch of patches is a remote code execution vulnerability in the way that the JScript scripting engine decodes script in Web...


July 29, 2009  9:08 PM

I’ll Say it Again—Turn Off the Remote Web Management Interface!



Posted by: Ken Harthun
Embedded systems, Exploits, Firewalls, Hacking, insecure, Remote Code Execution, Security, Security management, Storage, Vulnerabilities

I don’t know how many times I’ve told people that the embedded management interface on most devices is a security breach waiting to happen. I just got wind of some news, but can’t seem to find anything more than this mention. As soon as I dig up some details, I’ll let you know. This...


December 24, 2008  4:43 PM

Microsoft Releases Security Advisory (961040)



Posted by: Ken Harthun
Database, Remote Code Execution, Security, SQL Server, Vulnerabilities

Microsoft's latest Security Advisory (961040) covers a vulnerability in SQL Server that could allow remote code execution:

Microsoft is investigating new public reports of a vulnerability that could allow...


December 12, 2008  9:44 PM

Internet Explorer Targeted by Zero-day Attack



Posted by: Ken Harthun
Critical update, Firefox, Internet Explorer, Malware, Opinion, Remote Code Execution, Security, Security bulletin, Vulnerabilities, Zero-day exploit, Zero-day vulnerability

Even though Microsoft released the biggest batch of patches ever on Tuesday--28 flaws affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player, 23 of them rated “critical”--there's no fix for a zero-day XML parser vulnerability that surfaced the same...


October 29, 2008  3:04 PM

Opera Zero-day Vulnerability



Posted by: Ken Harthun
Browsers, Opera, Remote Code Execution, Security bulletin, Zero-day exploit, Zero-day vulnerability

Just as Opera completed patches for critical vulnerabilities in its browser, researchers discovered another remote code execution bug. In its recent article, "Opera scrambles to quash zero-day bug in...


October 23, 2008  8:29 PM

Microsoft Releases Out-of-Band Security Bulletin MS08-067



Posted by: Ken Harthun
Critical update, Malware, Microsoft Windows, Remote Code Execution, Security, Security bulletin, Vulnerabilities

Microsoft just released a critical update for a "privately reported" vulnerability in the Server service:

This security update resolves a privately reported vulnerability in the Server service. The...


June 5, 2008  1:30 PM

Safari for Windows Flaw Quick Fix



Posted by: Ken Harthun
Apple, Browsers, Microsoft Windows, Remote Code Execution, Security, Vulnerabilities

Microsoft has issued Security Advisory 953818 advising Safari users to "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple." According to...


May 29, 2008  8:14 PM

Phlashing Attack Can Damage Systems Beyond Repair



Posted by: Ken Harthun
Cyber warfare, Opinion, Remote Code Execution, Security, Security management, Vulnerabilities

It has long been an "everybody knows" that viruses and other malware cannot physically damage hardware. We've all seen those alarming emails that say, "...the virus destroys Sector Zero, thus permanently destroying the hard disk," a statement we know is rubbish; at worst, the disk is rendered...


May 22, 2008  7:38 PM

Foxit Reader Security Vulnerability



Posted by: Ken Harthun
Buffer Overflow, Remote Code Execution, Security, Vulnerabilities

Since I discovered Foxit Reader in early 2006, I've been recommending it to everyone. There's no question it's a best-of-breed tool for speed and simplicity. But recently, Secunia issued a

