30 matches found
Return-into-libc attack and Defense-bug warning-the black bar safety net
This article first analyzes the return-into-libc attack principle, were introduced in different platforms for the traditional return-into-libc attack of the experimental process and results. Then, this paper further introduces and explains the return-oriented programming attacks, this attack can...
VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days
Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...
ASLR Added to Android 4.0
The newest version of the Android mobile operating system includes a major security upgrade, the presence of address space layout randomization ASLR, which gives users some better protection against memory-corruption exploits. The inclusion of ASLR in Android 4.0, also known as “Ice Cream...
Microsoft Warns On New Browser Vulnerability
Microsoft on Wednesday issued a security advisory to users of its Internet Explorer Web browser about a newly disclosed vulnerability that could be exploited and used to run malicious code on vulnerable Windows systems. The Redmond, Washington company said it is investigating new, public reports ...
Memcached / MemcacheDB information leak
Unauthorized user can obtain information about process memory layout, making code execution protection techniques ineffective...
Microsoft IE对象处理内存破坏漏洞
Internet Explorer是微软公司开发的广为流行的网络浏览器。 IE在处理畸形格式的网页标记时存在内存对象处理错误,远程攻击者可能利用此漏洞通过精心构造恶意标记数据导致IE处理时执行攻击者指定的任意指令。 此漏洞目前被挂马攻击者积极利用来向用户系统植入恶意软件,而且微软还未发布针对此漏洞的补丁。 Microsoft Internet Explorer 7.0 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 暂时不要使用IE 7浏览网页,可以使用Opera或Firefox。...
Important: Red Hat Security Advisory: alsa-lib security update
An updated alsa-lib package that fixes a flaw that disabled stack execution protection is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The alsa-lib package provides a library of functions for...
Security Update for Microsoft Office 2016 (KB3203383) 64-Bit Edition
A security vulnerability exists in Microsoft Office 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 1 SP1 enhances manageability, control, and security infrastructure by providing new security tools such as Security Configuration Wizard, which helps secure your server for role-based operations. SP1 improves defense-in-depth with Data Execution Protection, and...
Security Update for Microsoft Office 2010 (KB4011610) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2010 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...