Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category




    Last week, Adobe released an advisory disclosing a new zero-day vulnerability in Flash Player. Looking into the exploit code used in attacks targeting this vulnerability, we found several interesting ties to other vulnerabilities - not all of them for Flash Player, either. To explain this, we will discuss the highlights of how this exploit was performed. Exploit highlights At its core, the vulnerability is a buffer overflow that occurs when parsing a compiled shader in a Flash object. The overflow overwrites an adjacent memory buffer, ...

    Posted in Exploits, Vulnerabilities | Comments Off



    Over the weekend, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer. (It has also been assigned the CVE designation CVE-2014-1776.) This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all ...




    In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability  (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in what can only be described as a sophisticated exploit. It's quite fortunate that Microsoft was able to patch this vulnerability quickly, as its sophistication and the widespread ...

    Posted in Exploits, Vulnerabilities | Comments Off



    Windows end of support this, Windows end of support that... a lot of people in the IT field are writing about how Windows XP will be unsupported tomorrow. Why is this a big deal? Like any other software, operating systems evolve and it takes too much effort for the companies who created them to keep supporting older versions as time goes on. All Windows versions eventually become obsolete - try to call Microsoft today about that Windows 95 problem you still ...

    Posted in Exploits, Vulnerabilities | Comments Off



    Any vulnerability in Internet Explorer is a large issue, but last week's zero-day vulnerability (designated as CVE-2014-0322) is particularly interesting. It used what we call a "hybrid exploit", where the malicious exploit code is split across multiple components that use differing technology: in this case, the exploit code was split between JavaScript and Adobe Flash. The use of "hybrid exploits" provides attackers with a way to evade existing mitigation technology like ASLR and DEP. Let's go over how this exploit was ...

    Posted in Exploits, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice