Oct 9, by JJ Reyes (Advanced Threats Researcher)
Trend Micro threat analysts were alerted to the discovery of a zero-day exploit that affects Adobe Reader and Acrobat 9.1.3 and earlier versions (CVE-2009-3459). Trend Micro detects this as TROJ_PIDIEF.UO. This .PDF file contains embedded JavaScript, which Trend Micro detects as JS_AGENTT.DT. This JavaScript is used to execute arbitrary code through a technique known as heap spraying. In addition, there is a possibility that a future variant may be created that does not use JavaScript to exploit the said ...
Sep 9, by Jonathan Leopando (Technical Communications)
Microsoft's monthly patch cycle for September has come out, and it's something of a mixed bag for users. While there were only 5 advisories, all of them were rated as Critical by Microsoft, because if exploited all five could be used to execute arbitrary code on user systems.
The patches fix vulnerabilities in the JScript Scripting Engine (MS09-045), the DHTML Editing Component ActiveX control (MS09-46), the Windows Media Format runtime (MS09-47), the TCP/IP stack (MS09-48), and the Wireless LAN AutoConfig service ...
Aug 11, by Macky Cruz (Technical Communications)
Today's Patch Tuesday from Microsoft comes with 9 security advisories, 5 of which are tagged as critical, 4 as important. Collectively, 19 flaws are addressed in these advisories, 15 of which are critical. This set of advisories also includes the bulletin that addresses the previously exploited Microsoft Office Web Components bug.
The critical advisories include patches for vulnerabilities in Microsoft Office Web Components (MS09-043), Remote Desktop Connection (MS09-044), Internet Name Service (MS09-039), Windows Media File Processing (MS09-038), and Active Template Library ...
Aug 2, by Jonathan Leopando (Technical Communications)
Compromised websites are a sad fact of life on the Internet today, and here’s proof. Last week the website of a major British music producer was compromised, and stayed that way for at least several days. The site is now clean (last checked July 31, 2009) but the lessons to be learned from it remain relevant.
The site was compromised with a script that sent users to a domain identified by Trend Micro researchers as a known disease vector, as shown ...
Jul 29, by Jonathan Leopando (Technical Communications)
It's not the second Tuesday of the month, but Microsoft has rushed out several patches for Internet Explorer. These are related to the zero-day exploit that was revealed earlier in the month; however, it appears that the underlying vulnerability was not fixed. Independent security researchers have discovered the underlying flaw and are ready to release it at this week's Black Hat security conference in Las Vegas. Microsoft is preempting the exploitation of this possible issue by taking the highly unusual step ...