EUVD-2009-2473

Malware in sbrugna...

Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug

It’s been a busy week in InfoSec land, as Intel released a new Spectre patch, iOS source code was leaked online, and a zero-day Flash bug got exploited in the wild. Also making noise these past few days: A major security hole in the Grammarly web app, WordPress updates tripping over each other, a...

From inter to intra: gaining reliability

Posted by Chris Evans, avoider of crossing heap lines. Part 2 of 4. In the first post in this series, we concluded with a traditional exploit for Adobe Flash bug 324, and noted that it could never be 100% reliable. We also challenged ourselves to do better! Is there some way we can leverage the...

Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free. After parsing a malformed mp4 file, Flash will keep on accessing a block of memory for timing. Such memory block is still accessed even the page containing Flash is closed, which leads to a memory crash...

Adobe Flash bug allow spying Webcam hole

Adobe Flash bug allow spying Webcam hole The flaw was disclosed in 2008 and can be exploited to turn on people's webcams or microphones without their knowledge. Attack involved putting the Adobe Flash Settings Manager page into an iFrame and masking it with a game, so that when the user clicked o...

Troubling Cracks Showing in Internet's Security Foundation

The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. B...

New Version of Google Chrome Fixes Flash Bug, Three Critical GPU Flaws

Google has released a new version of its Chrome browser that includes not only an updated version of Adobe Flash that fixes a critical bug, but also patches for three critical vulnerabilities in the browser’s GPU process. The new version of Chrome, which is version 10.0.648.205, includes the firs...

Adobe Releases Emergency Fix for Critical Reader Flaws

Adobe on Tuesday released an emergency patch for several critical vulnerabilities in Adobe Reader, including the recent Adobe Flash bug and a separate flaw that was disclosed earlier this month. The patch released Tuesday is outside of the company’s normal quarterly update schedule for Reader and...

Mozilla Firefox Buffer Overflow Vulnerability - July09 (Windows)

The host is installed with Mozilla Firefox browser and is prone to Buffer Overflow vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxbofvulnjul09win.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Buffer Overflow Vulnerability - July09 Windows Authors: Sharath S Copyright: Copyright...

Null pointer dereference

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via unspecified vectors, related to a "flash bug."...

CVE-2009-2478

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via unspecified vectors, related to a "flash bug."...

CVE-2009-2478

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via unspecified vectors, related to a "flash bug."...

CVE-2009-2478

Mozilla Firefox 3.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via unspecified vectors, related to a "flash bug."...