Tag Archives: zero day

Emergency Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

M

icrosoft has released emergency advisory ‘Vulnerability in Internet Explorer Could Allow Remote Code Execution’ which is a zero day exploit that hackers exploited zero day vulnerability in IE versions 8 and 9 on Windows XP and Windows 7. This is after investigating public reports of the vulnerability. The vulnerability affects “all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11).” ( Emil Protalinski, 2013).

Zero day vulnerabilities also known as zero day attacks are software holes or backdoors that are not known by the vendor, meaning that the attack occurs on ‘day zero of reaction of the exposure. The developers will have had zero days to address and patch the vulnerability.

The company has found that the flaw could potentially affect all supported versions, although it says that running “modern versions” of IE has the advantage of additional security features that can help prevent successful attacks. The flaw in question makes remote code execution possible if you browse to a website containing malicious content for your specific browser type (an attacker can either compromise a regularly frequented and trusted site or convince the user to click a link in another application). Continue reading Emergency Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

Google’s Chrome Web Browser Hacked at CanSecWest

Google showed a great deal of confidence ahead of the CanSecWest conference this year when it announced plans to offer up to $1 million in rewards for a successful exploit against its Chrome browser. The company even launched its own Pwnium contest. Continue reading Google’s Chrome Web Browser Hacked at CanSecWest

Zero-Day vulnerability in Adobe Reader allows hacker to control system

Adobe released a Security advisory notifying about the new zero-day Vulnerability in the Adobe Reader. Hackers can exploit U3D memory corruption vulnerability (CVE-2011-2462) to crash the affected system and to potentially allow access to the system.

“We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011. Continue reading Zero-Day vulnerability in Adobe Reader allows hacker to control system