Buffer overflow in Quicktime
A Dutch reader, G. Smit, gave us a heads up about a remotely exploitable vulnerability in Quicktime which can be exploited by malformed .mov files.
There is some information available at Offensive-security blog, in Dutch at security.nl, Fortiguard also shows the vulnerability. Securityfocus has also updated Bugtraq 32540.
Although neither Fortiguard or Securityfocus show the latest version of Quicktime, 7.6.5, as being vulnerable, we are getting reports that the exploit crashes 7.6.5.
-- Rick Wanner - rwanner at isc dot sans dot org
Why not Yellow?
A few people have written in to ask us why we have not gone to Infocon Yellow regarding the IE 0 day.
Changing the Infocon is a decision not taken lightly as we do know that people look at ISC and based on the infocon, react. Our definitions of when to change are also different to many other organisations and this causes some confusion in some readers. For example McAfee at the moment is at Critical, Symantec and Trend Micro are at Elevated, we are at Green for business as usual.
A number of reasons went into the decision not to raise the Infocon level. Currently there is no real evidence that "aurora" is wide spread, we have certainly not been inundated with reports. An exploit is available in Metasploit, but as far as we are aware at this moment there are no automated tools taking advantage of the exploit and widely attacking the internet. The exploit currently affects a version of the product that is two major revisions behind the current release, and should really not be widely used anymore. Easy work arounds are available by utilising other browsers or products, signatures are available from the AV vendors and the patch should be available in the next 3-4 weeks. From an Internet perspective the issue is currently very very low impact.
That said there are a number of things that have happened that we should all be aware of. The Google hack, malicious PDF files, there is an increase in FakeAV, and there will be scams relating to Haiti. Likewise there is a big chance that the "aurora" module will make an appearance in the various attack packs.
For now we will be monitoring the situations and keep you posted as usual.
Mark H
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago