Multiple medium risk flaws fixed in new version of PHP (late advisory)

David Litchfield of NGSSoftware has discovered multiple medium risk vulnerabilities in PHP. Versions affected include PHP 5.0.3 PHP 4.3.10 PHP has released updated versions of the software available here: http://www.php.net/downloads.php Whilst PHP is opensource, NGSSoftware will abide by our...

Multiple High Risk flaws fixed in Veritas i3

David Litchfield of NGSSoftware has discovered a critical vulnerability in the Veritas i3 Focalpoint Server. This component can be found bundled with other servers such as Indepth for Oracle. Versions known to be affected are 7.1 and earlier. Veritas has developed a patch to fix the problem. More...

Medium Risk Vulnerability in WinRAR

Peter Winter-Smith of NGSSoftware has discovered a medium risk vulnerability within the 'Repair Archive' feature in WinRAR. WinRAR versions 3.40 and older are vulnerable to this issue. This vulnerability has now been fixed by RARLabs in WinRAR version 3.41, and a fix can be downloaded from the...

MSN Gaming Heartbeat Component Buffer Overflow

John Heasman of NGSSoftware has discovered a high risk vulnerability in the Heartbeat component used on MSN related gaming sites. This vulnerability has now been fixed by Microsoft, and a fix can be downloaded from the Microsoft Security website:...

Microsoft Internet Explorer Install Engine Control Buffer Overflow

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in the Microsoft Internet Explorer Install Engine control. Versions of Internet Explorer which are affected include: Microsoft Internet Explorer 5.x Microsoft Internet Explorer 6.x This vulnerability has now been fixed by...