
Security News #0x53

Exploits
  • We have a couple of new exploits in Metasploit attacking Windows targets, though it looks like the updates have not yet propagated downstream to Kali. The first attacks Internet Explorer via a use-after-free in how the cursor is handled. The problem is CVE 2013-3205, and it was patched in MS13-069.
  • The second problem is a vulnerability in both XP and Server 2003; the issue here is how the system handles theme files. These specify the path for the screen saver; if this is modified to point to a remote malicious file, well, bad things happen. The vulnerability is CVE 2013-0810, and it was patched in MS13-071.
  • We also mention a new Metasploit module that affects OpenEMR 4.1.1 Patch 14. OpenEMR is an open source tool for electronic medical records; it was featured in the 2012 mid-Atlantic Collegiate Cyber Defense Competition.
Learning More
Industry News
  • An exploit is circulating that affects Internet Explorer. The underlying vulnerability has the designation CVE 2013-2893. A Fix-It is available, and Microsoft has some of the technical details available. News of the attack has been covered in a couple of places, including Threatpost and Ars Technica. The latter of these has one of my favorite lines for the week: " … readers are advised to install the Fix it, particularly if they use Internet Explorer regularly to browse websites." Hmmm- are there other uses of Internet Explorer?
  • We also have a (somewhat older) vulnerability (CVE 2013-3174) in Windows that can be triggered when a .gif file is viewed in any number of ways, including in Internet Explorer. Exploit code is now available in CANVAS.
  • It appears that there is a way to bypass the lock screen on iOS 7, at least in a limited way. The piece from Ars Technica is worth a read.