New Angler Exploits Bypass EMET Mitigations

New Microsoft Silverlight and Adobe Flash exploits that bypass Microsoft’s Enhanced Mitigation Experience Toolkit EMET have found their way into an updated version of the Angler Exploit Kit. EMET is a suite of freely available tools for Windows machines that mitigate memory-based attacks. The...

Microsoft EMET < 5.5 Security Bypass Vulnerability

The version of Microsoft Enhanced Mitigation Experience Toolkit EMET installed on the remote host is prior to 5.5. It is, therefore, affected by a vulnerability that allows a remote attacker to disable EMET, bypass its protection, and take control of the affected system. C Tenable Network Securit...

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow

Overview BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflow Description CWE-121-Stack-based Buffer Overflow BulletProof FTP Client 2010 does not check the length of the host parameter set in the quick connect bar. A long host value causes a stack-based buffer overflow,...

Microsoft EMET 3.x >= 3.5 / 4.x < 4.0.4913.26122 ASLR Security Bypass

Microsoft's Enhanced Mitigation Experience Toolkit EMET is installed on the remote system and is 3.x newer than or equal to 3.5 or 4.x prior to 4.0.4913.26122. It is, therefore, potentially affected by a security bypass vulnerability. The application stores function addresses in a predictable way...

Design/Logic Flaw

Microsoft Enhanced Mitigation Experience Toolkit EMET before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming ROP attack...

Microsoft EMET 4.0 Enables Certificate Pinning to Defeat MITM Attacks

Microsoft later this month will release a new version of its EMET protection tool, and this iteration will include a certificate pinning feature that will enable users to associate a specific certificate with a given certificate authority. The feature is designed a defense against man-in-the-midd...

Foxit Advanced PDF Editor 3 contains a stack buffer overrun vulnerability

Overview Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability. Description Foxit Advanced PDF Editor 3, and possibly earlier versions, contains a stack buffer overrun vulnerability that may be exploited by an attacker that is able to successful...

Adobe Reader and Acrobat font memory corruption vulnerability

Overview Adobe Reader and Acrobat fail to properly handle font data, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description A critical vulnerability exists in the font parsing code in Adobe Reader and Acrobat. The vulnerability results i...

Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited...