    TrendLabs Security Intelligence Blog

    Archive for the ‘Vulnerabilities’ Category




    In our previous post, we looked at how smart meters were being introduced across multiple countries and regions, and why these devices pose security risks to their users. At its heart, a smart meter is simply... a computer. Let's look at our existing computers - whether they are PCs, smartphones, tablets, or embedded devices. Similarly, these smart meters communicate via well-understood technologies: cellular connectivity, power-line networking, or the user's own Internet connection. With that in mind, we have to consider the possible ...




    After introducing the "isolated heap" in the June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call “delay free.” This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet Explorer does not free an object's heap space immediately when its reference count is zero. Take Internet Explorer 11, for example. We randomly selected the class CDivElement. ...

    Posted in Exploits, Vulnerabilities



    While wearable personal technology may be the most "public" face of the Internet of Everything, the most widespread use of it may be in smart meters. What is a smart meter, exactly? It's a meter for utilities (electricity, gas, or water) that records the consumption of the utility in question, and transmits it to the utility provider via some sort of two-way communication method. (Examples of these methods include a wireless mesh network, power line networking, or a connection to the user's ...




    Internet Explorer and Microsoft Windows are some of the affected applications addressed in this month’s round of security updates. For its July Patch Tuesday, Microsoft has released six security bulletins, two of which are tagged as 'critical'. The three other bulletins are rated as ‘important’ and one bulletin as ‘moderate.’ MS14-037 resolves about 23 vulnerabilities found in Internet Explorer, which may lead to remote code execution when exploited successfully via a specially crafted webpage. These vulnerabilities affect Internet Explorer versions 6 to ...

    Posted in Vulnerabilities



    In the recent Microsoft security bulletin for Internet Explorer, we found an interesting improvement for mitigating UAF (Use After Free) vulnerability exploits. The improvement, which we will call the “isolated heap”, is designed to prepare an isolated heap for many objects which often suffer from UAF vulnerabilities. Let’s use Internet Explorer 11 as an example. Before it was patched, the function CHeadElement::CreateElement allocated memory space from the heap. The code is as follows: [Figure 1. The function CHeadElement::CreateElement] From Figure 1, we can see the memory space is ...

    Posted in Vulnerabilities


     

    © Copyright 2013 Trend Micro Inc. All rights reserved.