Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Vulnerabilities’ Category




    Last week, Adobe released an advisory disclosing a new zero-day vulnerability in Flash Player. Looking into the exploit code used in attacks targeting this vulnerability, we found several interesting ties to other vulnerabilities - not all of them for Flash Player, either. To explain this, we will discuss the highlights of how this exploit was performed. Exploit highlights At its core, the vulnerability is a buffer overflow that occurs when parsing a compiled shader in a Flash object. The overflow overwrites an adjacent memory buffer, ...

    Posted in Exploits, Vulnerabilities | Comments Off



    The recent Internet Explorer and Flash zero-days were not the only zero-day threats that hit recently. Last Friday, the Apache Struts group released an advisory (S2-021) detailing two vulnerabilities (CVE-2014-0112 and CVE-2014-0113), and potential mitigation steps until an official patch is issued. Apache Struts is a framework used to build and deploy Java-based web applications. In Apache Struts2, most of the core functionality is implemented as Interceptors. These can execute code before and after an Action is invoked and each Interceptor can be ...

    Posted in Vulnerabilities | Comments Off



    Adobe has released a security advisory regarding a zero-day vulnerability (CVE-2014-0515) found in the program Adobe Flash. According to the advisory, the updates pertain to "Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux." Adobe has also acknowledged that an exploit for this zero-day exists, targeting Flash players on the Windows platform. If exploited, the zero-day could allow a remote attacker to take control of ...




    Over the weekend, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer. (It has also been assigned the CVE designation CVE-2014-1776.) This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all ...




    Two weeks ago, we talked about how many sites in the top 1 million domains (as judged by Alexa) were vulnerable to the Heartbleed SSL vulnerability. How do things stand today? Figure 1. Sites vulnerable to Heartbleed as of April 22 Globally, the percentage of sites that is vulnerable to Heartbleed has fallen by two-thirds, to just under 10 percent. Only three TLDs we looked at have percentages above the global number: Brazil (.BR), China (.CN), and Russia (.RU). The only TLD with ...

    Posted in Data, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice