-
Content Count
550 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Brandon
-
-
Pizza
steak(medium or high rare)
crab legs
-
Hi Kat, I dont know you but welcome back
-
Story published by Secunia
Source: H D Moore
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).
The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.
NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif, ".tif", and ".png" etc.
The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.
Solution:
Do not save, open or preview untrusted image files from email or other sources, or open untrusted folders and network shares in explorer.
Set security level to "High" in Microsoft Internet Explorer to prevent automatic exploitation.
The risks can be mitigated by unregistering "Shimgvw.dll". However, this will disable certain functionalities. Secunia do not recommend the use of this workaround on production systems until it has been thoroughly tested.
-
obsession
-
prophet
-
desire
-
Congrats shanenin im sure you will do fine on windows and Congrats on your job
-
-
-
Same here Danny, Im not going too buy PS3 or Xbox360 just Nintendo Revolution
-
Story published by Secunia
Source: Javier Fernandez-Sanguino Pena
Javier Fernandez-Sanguino Pena has reported a vulnerability in Bugzilla, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
The vulnerability is caused due to the "tmpsyncshadow" temporary file being created insecurely by the "syncshadowdb" script in the temporary directory. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the affected script.
Successful exploitation requires that the malicious user is able to write to the temporary directory.
The vulnerability has been reported version 2.16.7 and also affects version 2.16.10. Other versions may also be affected.
Solution:
The vendor do not recommend the use of version 2.16.10 for new Bugzilla installations.
The affected script is not present in version 2.20.
-
Thanks for the head up Matt
-
-
Happy Christmas & Happy new year everyone
-
Merry Christmas & Happy new year everyone
-
Nice find
-
I just updated the solution, sorry about that..
-
perplexity
-
Im looking forward too listening too the radio once I can get onto it
-
mystic
-
dreamy
-
Congrats Matt
-
Yet another possible security vunrability in phpbb, thank god this forum uses invision board
Pierce
Agreed
-
Mcafee, and Norton are both resource hogs.
Never had a problem running Norton AntiVirus 2005 on my windows98SE machine with only 192ram, my computer still ran fine...
If you like Avast why not keep using it? Yes McAfee antivirus does have higher detection rates then Avast but doesnt seem too take up as much resources and possibly provides a different range of protection then McAfee does...I say stick with Avast unless you think avast is not protecting you as much as you like..
Happy Birthday, Tommyd84!
in Open Chat
Posted
Happy Birthday tommyd84 Have a great day..