Our Polish friend and expert security researcher, Michal Zalewski (lcamtuf), known for his endless stream of vulnerabilities in all manners of software, has struck again. This time with some pretty serious flaws in both Internet Exploder Explorer and Firefox. This time it’s 4, 2 in IE and 2 in Firefox. The first which effects fully [...]
Tag Archive | "IE"
It seems the recent fake login flaw effects both Internet Exploder and Firefox. Good to keep alert and with the new update mechanism it’s very simple to update your Firefox installation. The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users’ login credentials via [...]
This was a while back, but with Microsoft’s security record it’s pretty much inevitable.. Even before release (as with Vista) flaws were found. Introduction A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. Please use the test below, to see an example of how [...]
What? New vulnerabilities in Internet Explorer? You can hack Internet Exploder Explorer? Never! 3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI). The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with [...]
I know this is old, but a lot of people still don’t know about it. It can test for up to date Mozilla, Opera and Internet Explorer flaws, exploits and vulnerabilities. Browser vulnerabilities are a serious issue now. You can see which vulnerabilities they test for here and the statistics of the tests results here. [...]
Can you see the irony? Just after 2 weeks that M$ released the Internet Explorer security makeover, Michal Zalewski came up with a highly critical exploit, as called by Secunia… based on a mishandling of the OBJECT tag…. Security alerts aggregator Secunia flagged the issue as “highly critical” and stressed that it can be exploited [...]
Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked Software-based DEP protecting all programs: sploit worked DropMyRights, config’ed to allow IE to [...]