Zero Day Initiative Advisory 10-254
Zero Day Initiative Advisory 10-254 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom's edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Researcher Releases Android Exploit In Webkit Browser Engine
And Android security hits the news...
Exploit Next Generation SQL Fingerprint (ESF) – MS-SQL Server Fingerprinting Tool
SQL Server fingerprinting can be a...
Linux Kernels vulnerability since 2001 (and still working)
vulnerability in all Linux kernels since 2001