Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking ...

Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier

A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking ...

ACROS Security 0patch (0PatchServicex64.exe) Unquoted Service Path Privilege Escalation

Summary 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic binary patches to/from running processes without having to restart these processes much less reboot the entire computer. Description The application suffers from an unquoted search...

ACROS Security 0patch 2016.05.19.539 Privilege Escalation

ACROS Security 0patch 0PatchServicex64.exe Unquoted Service Path Privilege Escalation Vendor: ACROS, d.o.o. Product web page: https://www.0patch.com Affected version: 2016.05.19.539 Summary: 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic...

ACROS Security 0patch 2016.05.19.539 - 0PatchServicex64.exe Unquoted Service Path Privilege Escalation

ACROS Security 0patch 2016.05.19.539 - 0PatchServicex64.exe Unquoted Service Path Privilege Escalation ACROS Security 0patch 0PatchServicex64.exe Unquoted Service Path Privilege Escalation Vendor: ACROS, d.o.o. Product web page: https://www.0patch.com Affected version: 2016.05.19.539 Summary:...

ACROS Security 0patch 2016.05.19.539 - (0PatchServicex64.exe) Unquoted Service Path Privilege Escala

Exploit for windows platform in category local exploits ACROS Security 0patch 0PatchServicex64.exe Unquoted Service Path Privilege Escalation Vendor: ACROS, d.o.o. Product web page: https://www.0patch.com Affected version: 2016.05.19.539 Summary: 0patch pronounced 'zero patch' is a platform for...

ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation

ACROS Security 0patch 0PatchServicex64.exe Unquoted Service Path Privilege Escalation Vendor: ACROS, d.o.o. Product web page: https://www.0patch.com Affected version: 2016.05.19.539 Summary: 0patch pronounced 'zero patch' is a platform for instantly distributing, applying and removing microscopic...

VMSA-2012-0014:VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates

VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2012-0014 VMware Security Advisory Synopsis: VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates VMware Security...

ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting

Adobe issued an update for Adobe Reader X new version is 10.1.3, which, among other issues, fixes an outside-the-sandbox msiexec.exe EXE planting vulnerability we reported to them earlier this year. This article explains the vulnerability and how it could have been exploited...

Google Chrome HTTPS Address Bar Spoofing

Google awarded one of our security researchers a Chromium Security Reward for an HTTPS address bar spoofing bug in Chrome 14 and 15 although it may be present in older versions too. The bug was fixed in Chrome 16, most browsers seem to be updated and we're happy to share technical details with th...

ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products

=====BEGIN-ACROS-REPORT===== PUBLIC ======================================================================= ACROS Security Problem Report 2011-01-11-1 ------------------------------------------------------------------------- ASPR 2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products...

ASPR #2010-11-10-2: Remote Binary Planting in Microsoft Word 2010

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-11-10-2 ------------------------------------------------------------------------- ASPR 2010-11-10-2: Remote Binary Planting in Microsoft Word 2010...

Breaking The SetDllDirectory Protection Against Binary Planting

An old unfixed Windows functional bug was just upgraded to a security bug. Our researchers have discovered that Windows' inability to consistently expand environment variables in user and system PATH breaks the binary planting protection provided by the SetDllDirectory function. The article...

ACROS Security: Remote Binary Planting in Apple Safari for Windows (ASPR #2010-09-08-1)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2010-09-08-1 ------------------------------------------------------------------------- ASPR 2010-09-08-1: Remote Binary Planting in Apple Safari for Windows...

The Week in Security: Gov2.0, DLL Patches and When Social Media Attacks!

Summer may have reached its unofficial end with the Labor Day holiday, but there was no break from security news this week, as both the Gov 2.0 Conference in Washington D.C. and a raft of warnings and patches from leading vendors kept the heat on high. We all know the Internet started as a U.S...

Mozilla Foundation Security Advisory 2010-52

Mozilla Foundation Security Advisory 2010-52 Title: Windows XP DLL loading vulnerability Impact: Critical Announced: September 7, 2010 Reporter: Haifei Li, Acros Security Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonkey...

VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09...

VMSA-2010-0007:VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

VMSA-2010-0007.1 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2010-0007.1 VMware Security Advisory Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple...

ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2008-03-11-2 ------------------------------------------------------------------------- ASPR 2008-03-11-2: Session Fixation Vulnerability in WebLogic...