Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for the ‘Exploits’ Category




    Vulnerabilities, particularly zero-days, are often used by threat actors as the starting point for targeted attacks. This was certainly the case for a (then) zero-day vulnerability (CVE-2014-1761) affecting Microsoft Word. In its security advisory released last March, Microsoft itself acknowledged that the vulnerability was being used in “limited, targeted attacks.” Microsoft has since patched this vulnerability as part of its April Patch Tuesday. However, the existence of a patch has not deterred threat actors from exploiting this vulnerability. We are still ...




    Last week, Adobe released an advisory disclosing a new zero-day vulnerability in Flash Player. Looking into the exploit code used in attacks targeting this vulnerability, we found several interesting ties to other vulnerabilities - not all of them for Flash Player, either. To explain this, we will discuss the highlights of how this exploit was performed. Exploit highlights At its core, the vulnerability is a buffer overflow that occurs when parsing a compiled shader in a Flash object. The overflow overwrites an adjacent memory buffer, ...

    Posted in Exploits, Vulnerabilities | Comments Off



    Over the weekend, Microsoft released Security Advisory 2963983 which describes a new zero-day vulnerability found in Internet Explorer. (It has also been assigned the CVE designation CVE-2014-1776.) This remote code execution vulnerability allows an attacker to run code on a victim system if the user visits a website under the control of the attacker. While attacks are only known against three IE versions (IE 9-11), the underlying flaw exists in all versions of IE in use today (from IE 6 all ...

    Posted in Exploits, Vulnerabilities | Comments Off



    In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability  (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in what can only be described as a sophisticated exploit. It's quite fortunate that Microsoft was able to patch this vulnerability quickly, as its sophistication and the widespread ...

    Posted in Exploits, Vulnerabilities | Comments Off



    Windows end of support this, Windows end of support that... a lot of people in the IT field are writing about how Windows XP will be unsupported tomorrow. Why is this a big deal? Like any other software, operating systems evolve and it takes too much effort for the companies who created them to keep supporting older versions as time goes on. All Windows versions eventually become obsolete - try to call Microsoft today about that Windows 95 problem you still ...

    Posted in Exploits, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice