Security Notices - Page 2 - boards.ie
30-12-2005, 19:02   #16
Capt'n Midnight
Join Date: Mar 2003
Posts: 46,688
http://secunia.com/advisories/18255/
Quote:
The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf")... Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif", ".tif", and ".png" etc.
"F-Secure reports detecting 57 different malicious WMF files in the wild so far."
http://www.sans.org/newsletters/risk Alert Vol. 4 No. 52

Quote:
Originally Posted by The_Edge
If you're concerned for your security on the web please follow these steps until Microsoft releases a patch for it. This will unregister, or "disable" for want of a better word, the file that is causing this exploit.

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

Last edited by Capt'n Midnight; 30-12-2005 at 19:04.
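
Added example, not part of the original posts: the advisory quoted above notes that a WMF file renamed to ".jpg", ".gif", ".tif" or ".png" is still a problem, so checking extensions alone misses it. This Python sketch flags files whose leading bytes are a WMF header but whose name does not end in .wmf; the function names and sample files are constructed for illustration, and the header match is a heuristic.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # key that opens a placeable (Aldus) metafile

def looks_like_wmf(head):
    """True if the leading bytes match a placeable or standard WMF header."""
    if len(head) >= 4 and struct.unpack_from("<I", head)[0] == PLACEABLE_KEY:
        return True
    if len(head) < 6:
        return False
    # Standard header: type (1=memory, 2=disk), header size in words, version
    mtype, header_words, version = struct.unpack_from("<HHH", head)
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def find_disguised_wmf(root):
    """Paths under root whose content is WMF but whose extension is not .wmf."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(6)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            ext = os.path.splitext(name)[1].lower()
            if looks_like_wmf(head) and ext != ".wmf":
                hits.append(path)
    return sorted(hits)

def build_demo_tree(root):
    """Write constructed sample files (headers only, nothing drawable)."""
    std_hdr = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
    samples = {
        "holiday.jpg": std_hdr,                                     # flagged
        "logo.gif": struct.pack("<I", PLACEABLE_KEY) + b"\0" * 18,  # flagged
        "chart.wmf": std_hdr,                                       # honest name
        "real.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,               # JPEG magic
        "tiny.png": b"\x01",                                        # too short
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import sys
    for hit in find_disguised_wmf(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("WMF content behind a non-.wmf name:", hit)
```

Run it with a folder path as the only argument to scan that folder; with no argument it scans the current directory.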
06-01-2006, 00:48   #17
Capt'n Midnight
Patch for
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
more
http://www.boards.ie/vbulletin/showp...0&postcount=19
11-01-2006, 13:16   #18
Capt'n Midnight
Second Tuesday again
http://www.microsoft.com/technet/sec.../MS06-002.mspx
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

The recent WMF patch protects IE from dodgy images; this one is to protect IE from dodgy text. Also there is some speculation that the WMF hole in GDI.exe could have been present as far back as Windows 3.0, so you can't assume IE will ever be safe even if it goes 6 months without needing a patch.

Alternatives to IE
http://www.opera.com - Best out of the box browser, closed source but so far the most secure Windows browser.
http://www.mozilla.com - most tweakable browser, open source, generally needs patching more often than Opera
25-10-2008, 12:56   #19
Capt'n Midnight
http://www.microsoft.com/technet/sec.../ms08-067.mspx
On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.
17-12-2008, 21:02   #20
Capt'n Midnight
http://www.microsoft.com/technet/sec.../ms08-078.mspx

The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer
10-06-2011, 11:22   #21
Capt'n Midnight
Lots of patching to do next week.
http://www.microsoft.com/technet/sec.../ms11-jun.mspx

http://www.theregister.co.uk/2011/06...une_pre_alert/
Quote:
Nine of the bulletins earn the dread rating of critical, while the other seven grapple with flaws rated as important. All supported versions of Windows will need patching on 14 June along with various server-side software packages and applications, including the .NET framework and SQL Server. Internet Explorer, which is affected by two bulletins, will also need some fiddling under the bonnet.

Office suites also need to be updated thanks to a security fix for Excel that also affects the Mac OS X version of the product as well as virtually all versions of the spreadsheet software on Windows, including the most recent 2010 and 2011 editions of the software.
06-07-2012, 10:33   #22
Capt'n Midnight
https://secunia.com/vulnerability_scanning/personal/
Must say I'm impressed with the new version. It will patch most of your applications with minimal fuss. You could set it up for your Granny.
16-08-2012, 00:41   #23
RUCKING FETARD
Closed Account
 
Join Date: Jun 2012
Posts: 1,432
Microsoft and Adobe Keep IT Busy with Critical Security Patches
09-04-2013, 21:50   #24
Capt'n Midnight
Reminder - new patches for Windows / IE out now.
15-05-2013, 15:10   #25
Capt'n Midnight
Just a reminder it's that time of the month again.

http://technet.microsoft.com/en-us/s...letin/ms13-may
Patches for IE6 through IE10 and Office, usual Remote Code Execution stuff

The first patches say there might be less damage if you aren't logged in with admin rights, which is then undermined because the last patch is about attackers gaining elevated privileges anyway.