Zero Day Initiative Advisory 10-254 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the QuickTimeMPEG.qtx module. When handling an ELST atom’s edit list table data large values are not handled properly. Specifically, the media rate field is explicitly trusted and can be abused to control memory copy operations. By specifying a large enough value, an attacker can utilize this to write to an arbitrary address in process memory. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
Researcher Releases Android Exploit In Webkit Browser Engine
And Android security hits the news once again, itβs not a vulnerability in the OS per-say but rather in the browser based on the Webkit engine. It does highlight the inherent fragmentation problems with the Android platform and the security concerns that come with running old OS and software versions.
Exploit Next Generation SQL Fingerprint (ESF) β MS-SQL Server Fingerprinting Tool
SQL Server fingerprinting can be a time consuming process. It involves a lot many trial and error methods to fingerprint the exact SQL Server version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for a certain server are two of the ways to possibly fingerprint […]
Linux Kernels vulnerability since 2001 (and still working)
vulnerability in all Linux kernels since 2001