Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2015
    S M T W T F S
    « Jun    
  • Email Subscription

  • About Us

    Archive for the ‘Vulnerabilities’ Category

    This month's Patch Tuesday release can be considered relatively light with only three Critical bulletins, with the remaining 10 bulletins rated as Important. As is usually the case, the cumulative update for Internet Explorer (MS15-043) is one of those rated as Critical. MS15-044 addresses critical vulnerabilities in Microsoft Font driver, which could allow remote code execution if users open specially crafted documents or visits an untrusted webpage that contains embedded TrueType fonts. Lastly, MS15-045 addresses a critical vulnerability in Microsoft Journal that ...

    Posted in Vulnerabilities |

    MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, and Australia. Figure 1. This attack was first seen in April, although at relatively low traffic levels. The number of users at risk grew significantly as May ...

    One of the vulnerabilities recently patched by Microsoft can be exploited in the same way as Heartbleed, and needs to be addressed immediately. Addressed in the April batch of Patch Tuesday fixes (in Microsoft Security Bulletin MS15-034, specifically), the Microsoft Windows HTTP.sys Integer Overflow vulnerability, or CVE-2015-1635, is a remote code execution vulnerability that exists in HTTP.sys, or the HTTP protocol processing module in Microsoft Internet Information Service. Integer overflows have long been known as one kind of notorious and fairly old vulnerability – so why ...

    Posted in Exploits, Vulnerabilities |

    Millions of sites running the popular WordPress blogging platform are at risk from recently discovered zero-day vulnerabilities. These vulnerabilities were discovered by Finland-based security researcher Jouko Pynnönen, and could allow an attacker to execute JavaScript code in the website administrator’s browser window, and can further perform malicious tasks using administrator’s privileges. The attacker can even take control of the server. WordPress has released an update to WordPress, which they have called a “critical security release” that they urge all ...

    Posted in Vulnerabilities |

    We have found an interesting discrepancy in how the Angler exploit kit targets Adobe Flash. The Angler exploit kit is known for its use of various Adobe Flash Player exploits. Reports have indicated that Angler has started targeting CVE-2015-0359, a vulnerability that was fixed in Adobe's April 2015 update. CVE-2015-0359 is a race condition vulnerability that occurs because ByteArray::Write is not thread-safe, and it requires many workers to trigger. However, in the sample that we analyzed, the current exploit used by Angler is a use-after-free (UAF) ...


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice