Vulnerabilities in SumatraPDF Reader Could Allow Arbitrary Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting SumatraPDF Reader software version 2.0.1 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...
Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6
High-Tech Bridge Security Research Lab discovered two null pointer dereference vulnerabilities in Corel Quattro Pro. Opening of a malicious QPW Quattro Pro Spreadsheet document causes immediate application crash, resulting in a loss of all unsaved current application data of the user. 1 Multiple...
Vulnerability in Foxit Reader Could Allow Arbitrary Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Foxit Reader software version 5.1.4.0104 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Foxit...
Vulnerability in Cisco WebEx Player Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Cisco WebEx Player. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Cisco. Cisco has remediated the...
Updated Blackhole Exploit Kit Uses Random Domain Generation
An updated version of the Blackhole Exploit Kit appears to now offer an emerging technique to boost infection and redirection rates: a pseudo-random domain generator. The automation feature was discussed this week in a blog post by Symantec security researcher Nick Johnston, in which he outlined...
Microsoft Warns of XML Vulnerability Being Actively Exploited
Microsoft’s warning of a vulnerability in its XML Core Services 3.0, 4.0, 5.0 and 6.0 that allows remote code to be executed if a victim is convinced to visit a malicious Web site using Internet Explorer. The actively exploited security hole affects all supported Windows releases and all supported...
Apple QuickTime MPEG Parsing Memory Corruption
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple QuickTime Player software version 7.7.1 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected...
JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting OpenJPEG software version 1.4 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, OpenJPEG...
Vulnerabilities in XnViewer Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of two integer overflow vulnerabilities affecting XnViewer version 1.98.2 and earlier versions. Microsoft discovered and disclosed the vulnerabilities under coordinated vulnerability disclosure to the affected...
Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting IDA Pro running the IDAPython plugin. By default, the IDAPython plugin is installed with all versions of IDA Pro. Microsoft discovered and disclosed the vulnerability under...
Vulnerability in Wireshark Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Wireshark version 1.6.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Wireshark. Wireshark has...
Vulnerability in FFmpeg Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting FFmpeg version 0.8.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, FFmpeg. FFmpeg has remediat...
Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting FFmpeg version 0.8.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, FFmpeg. FFmpeg has remediat...
Vulnerability in Apple Safari Could Allow Information Disclosure
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari version 5.05 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Apple Inc. Apple Inc...
Vulnerability in Google Picasa Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Picasa for Windows version 3.6 build 105.61 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendo...
SEO Poisoning Campaign Infecting Users With Black Hole Exploit Kit
Researchers have found a new black hat SEO campaign that is being used to redirect users to links that will install the Black Hole exploit kit. The attack is based on searches for, of all things, Shia Labeouf, and leads users through a forest of redirects before plopping them on the compromised...
Vulnerability in Google SketchUp Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google SketchUp version 7.1 Maintenance Release 2 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...
Vulnerability in RealNetworks RealPlayer RichFX Component Could Allow Remote Code Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting RealNetworks RealPlayer SP version 1.1.4 and earlier, RealPlayer 11.1 and earlier, and RealPlayer Enterprise 2.1.2 and earlier. Microsoft discovered and disclosed the vulnerability...
Widespread LizaMoon Web Attacks Push Rogue Antivirus
Security firms are warning about a fast-spreading Web-based attack that has been linked to the installation of rogue antivirus products. More than 300,000 Web sites have been compromised in a campaign dubbed “LizaMoon,” and are now serving up malicious links to rogue antivirus products, accordin...
New Bug in Internet Explorer Used in Targeted Attacks
There’s a new flaw in all of the current versions of Internet Explorer that is being used in some targeted attacks right now. Microsoft has confirmed the bug and said it is working on a fix, but has no timeline for the patch release yet. The company did not rule out an emergency out-of-band patch...