Security News #0x55

  • Microsoft has issued the patch MS13-080 to correct CVE-2013-3893, a vulnerability in Internet Explorer. Metasploit has a module that targets IE 9 on Windows 7 SP1, provided the target also has Office 2007 or Office 2010. The latter are needed to provide an appropriate ROP chain. Because the Metasploit module was posted prior to the patch being issued, folks raised the question of responsible disclosure. You may want to read the take from the folks at Metasploit on the subject.
  • One thing about Internet Explorer attacks is that you need to keep them straight. There is another (slightly more recent) attack making the rounds; this one is based on CVE-2013-3897. The problem here is in the CDisplayPointer class, rather than in the SetMouseCapture method. Like the previous one, this was also fixed in MS13-080.
  • There is a new privilege escalation exploit for FreeBSD systems on Intel processors. The underlying vulnerability (CVE-2012-0217) is somewhat older. For a technical analysis of the underlying issue, you can head over to fail0verflow.
Learning More
Industry News