ACROS Security Lists wrote:
For everyone interested in binary planting vulnerabilities, here's some new
information on the EXE vector from our research.
http://blog.acrossecurity.com/2010/09/binary-planting-goes-exe.html
Tell news!
1) There is an equivalent to SafeDLLSearchPath for
-
Debian Security Advisory DSA-2106-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2010
=
Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking
Vulnerability (dwmapi.dll)
=
1. OVERVIEW
The Flash
___
Mandriva Linux Security Advisory MDVSA-2010:172
http://www.mandriva.com/security/
I was recently taking a look at the Apache Traffic Server project (which I
believe was formerly developed by Yahoo Inc) and noticed a series of potential
problems relating to the way that it handles DNS. This proxy does not rely on
the OS-supplied resolver library for resolving hostnames but
==
Internet Explorer ver 7.0.5730.13
Tested On Windows SP2
Inj3ct0r team yogyacarderlink team
Bug discovered by eidelweiss
Affected Software: idaiehlp.dll BHO: IE 4.x-6.x BHO for Internet Download
Accelerator -
For what it's worth (to your research) there are also hybrids; i.e., a
normal executable can be executed from a DLL perspective, as the other
way round; they're the same format.
Executables simply have a specific standard entry point.
Thought I'd remind you that this vuln might exist in less known
=
PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking
Vulnerability (tsp.dll, tvttsp.dll)
=
1. OVERVIEW
The PGP Desktop application is vulnerable to
[DCA-00015]
[Software]
- YOPS (Your Open Personal [WEB] Server)
[Vendor Product Description]
- YOPS (Your Own Personal [WEB] Server) is a small SEDA-like HTTP
server for Linux OS written in C. There are 7 stages (accept, parse,
launch, fetch, error, send and log), and pipes are used as