14 matches found
“Chemical attack” email warnings deliver Jester Stealer malware
Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team CERT-UA has warned of a large distribution campaign abusing a "chemical attack" theme. Receiving an email like this in the invasion-affected regions of...
Solutions for Handling ".ica" Files in Web Browsers
Note: This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. When launching an application or desktop via an Internet Browser Google Chrome, Firefox, Intern...
May 9, 2017—KB4019474 (OS Build 10240.17394)
May 9, 2017—KB4019474 OS Build 10240.17394 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports...
Sun Java Runtime Environment 1.4.x Font Object Assertion Failure Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when...
Sun Java Runtime Environment 1.3/1.4/1.5 Nested Array Objects Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. This issue is reported to affect Java Runtime...
PHP: sapi_header_op() %0D sequence handling security bypass
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences aka carriage return characters, which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
Internet Download Manager module (idmmkb.dll) Tonec Inc
Exploit for windows platform in category local exploits. Internet Download Manager module idmmkb.dll Tonec Inc. Exploit Title: Dll Hijacking Exploit Application: Internet Download Manager...
Preemptive Protection against Adobe Reader and Acrobat Mozilla plug-in Remote Code Execution Vulnerability (APSB09-15)
A remote code execution vulnerability has been discovered in Adobe Reader and Acrobat. A remote attacker could implant a shell code on a target system using heap spray exploitation method. Heap spraying is a technique for exploiting vulnerabilities in internet browsers e.g. Internet Explorer,...
[Full-disclosure] [SVRT-05-08] Critical BoF vulnerability found in ffdshow affecting all internet browsers (SVRT-Bkis)
General Information ffdshow is a DirectShow filter and VFW codec for many audio and video formats, such as DivX, Xvid and H.264. It is the most popular audio and video decoder on Windows. Besides a stand-alone setup package, ffdshow is often included in almost all codec pack software such as...
Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS
Calling window.close in a loop on the OnLoad event causes the browser to hang. Multiple resource exhaustion attacks with Javascript...
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service source: https://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions...
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service
source: https://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. This issue is reported to affect Java Runtime Environment versions up to 1.4.211...
Microsoft Security Bulletin MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
Microsoft Security Bulletin MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution 911564 Published: February 14, 2006 Version: 1.0 Summary Who should read this document: Customers who use a Microsoft Windows Media Player...
Apple Safari 1.x - Cookie Directory Traversal
Apple Safari 1.x - Cookie Directory Traversal source: https://www.securityfocus.com/bid/9841/info Multiple vendor Internet Browsers have been reported to be prone to a cookie path argument restriction bypass vulnerability. The issue presents itself due to a failure to properly sanitize encoded UR...