kvisnilainen Опубликовано 17 апреля, 2008 Поделиться Опубликовано 17 апреля, 2008 вышло обновление к Firefox - нажмите на кнопку "Проверить наличие обновление" Спасибо, обновил. Потом решил посмотреть обновления на сайте Майкрософта и увидел, что появился первый сервис- пак к Висте :smile12: А вот и подробности: http://www.computerra.ru/news/354552/ Ссылка на комментарий Поделиться на другие сайты More sharing options...
Vinni Опубликовано 25 апреля, 2008 Автор Поделиться Опубликовано 25 апреля, 2008 информация для владельцев wifi-карт Intel2200BG 1) CRITICAL: Intel Centrino Wireless Driver Buffer Overflow Affected: Intel Centrino 2200BG Wireless Device Driver Description: The Intel Centrino 2200BG is a popular wireless network (802.11) card, commonly used in laptop computers. Its driver for Microsoft Windows contains a buffer overflow in its handling of wireless network traffic. A specially crafted wireless network frame could trigger this vulnerability, allowing an attacker to execute arbitrary code with kernel level privileges, completely compromising the vulnerable system. The wireless network interface on the vulnerable system need only be in range of the attacker; it need not be connected to any particular wireless network to be vulnerable. Full technical details and a proof-of-concept are publicly available for this vulnerability. Status: Intel confirmed, updates available. The patch can be accessed through Intel site reverenced below. References: Proof-of-Concept http://milw0rm.com/exploits/5461 Intel Security Advisory http://security-center.intel.com/advisory....anguageid=en-fr Wikipedia Article on 802.11, the Wireless Network Protocol http://en.wikipedia.org/wiki/IEEE_802.11 SecurityFocus BID Not yet available. Ссылка на комментарий Поделиться на другие сайты More sharing options...
Vinni Опубликовано 28 апреля, 2008 Автор Поделиться Опубликовано 28 апреля, 2008 обновление в ICQ6 TITLE: ICQ Personal Status Processing Buffer Overflow SECUNIA ADVISORY ID: SA29821 VERIFY ADVISORY: http://secunia.com/advisories/29821/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: ICQ 6.x http://secunia.com/product/14880/ DESCRIPTION: Leon Juranic has reported a vulnerability in ICQ, which can be exploited by malicious people to compromise another user's system. The vulnerability is caused due to a boundary error when processing "Personal Statuses" set via the "Personal Status Manager" menu. This can be exploited to cause a heap-based buffer overflow by creating a specially crafted personal status and e.g. sending a message to another user. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 6 build 6043. Other versions may also be affected. SOLUTION: The vendor has reportedly issued a fix via automatic updates. PROVIDED AND/OR DISCOVERED BY: Leon Juranic, INFIGO IS ORIGINAL ADVISORY: INFIGO-2008-04-08: http://www.infigo.hr/en/in_focus/advisorie...FIGO-2008-04-08 Ссылка на комментарий Поделиться на другие сайты More sharing options...
Loo Опубликовано 28 апреля, 2008 Поделиться Опубликовано 28 апреля, 2008 кстати, не рекомендуется использовать QIP Infium :o)) Ну пока во всяком случае, я бы не рекомендовал :о)) При всем уважении к qip'у Ссылка на комментарий Поделиться на другие сайты More sharing options...
Vinni Опубликовано 3 июля, 2008 Автор Поделиться Опубликовано 3 июля, 2008 обновление Firefox - TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30911 VERIFY ADVISORY: http://secunia.com/advisories/30911/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access WHERE: From remote REVISION: 1.1 originally posted 2008-07-02 SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system. 1) Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory. 2) An error in the handling of unprivileged XUL documents can be exploited to load Chrome scripts from a "fastload" file via "<script>" elements. 3) An error in the "mozIJSSubScriptLoader.LoadScript()" function can be exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome privileges. Successful exploitation requires that an add-on using the affected function is installed. 4) An error in the block reflow process can be exploited to cause a crash or potentially execute arbitrary code. 5) An error in the processing of file URLs contained within local directory listings can potentially be exploited to execute malicious JavaScript content. 6) Multiple errors in the implementation of the JavaScript same origin policy can be exploited to execute arbitrary script code in the context of a different domain. 7) Multiple errors in the verification of signed JAR files can be exploited to execute arbitrary JavaScript code with the privileges of the JAR's signer. 8) An error in the implementation of file upload forms can be exploited to upload arbitrary local files to a remote webserver via specially crafted "DOM Range" and "originalTarget" elements. 9) An error in the Java LiveConnect implementation on Mac OS X can be exploited to establish arbitrary socket connections. 10) An uninitialized memory access in the processing of improperly encoded ".properties" files can potentially be exploited to disclose sensitive memory via an add-on using the malformed file. 11) An error in the processing of "Alt Names" provided by "peer" trusted certificates can be exploited to conduct spoofing attacks. 12) An error in the processing of Windows URL shortcuts can be exploited to run a remote site as a local file. Successful exploitation requires that the user is tricked into downloading and then opening a malicious Windows URL shortcut. The vulnerabilities are reported in versions prior to 2.0.0.15. SOLUTION: Update to version 2.0.0.15. http://www.mozilla.com/en-US/firefox/all-older.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Devon Hubbard, Jesse Ruderman, Martijn Wargers, Igor Bukanov, and Gary Kwong 2, 3, 6) moz_bug_r_a4 4) Greg McManus 5) Masahiro Yamada 7) Collin Jackson and Adam Barth 8) Claudio Santambrogio 9) Gregory Fleischer 10) Daniel Glazman 11) John G. Myers, Frank Benkstein, and Nils Toedtmann. 12) Geoff CHANGELOG: 2008-07-02: Added additional vulnerability details to the "Description" sections. Updated credits and the "Original Advisory" section. Added CVE references. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2...fsa2008-21.html http://www.mozilla.org/security/announce/2...fsa2008-22.html http://www.mozilla.org/security/announce/2...fsa2008-23.html http://www.mozilla.org/security/announce/2...fsa2008-24.html http://www.mozilla.org/security/announce/2...fsa2008-25.html http://www.mozilla.org/security/announce/2...fsa2008-27.html http://www.mozilla.org/security/announce/2...fsa2008-28.html http://www.mozilla.org/security/announce/2...fsa2008-29.html http://www.mozilla.org/security/announce/2...fsa2008-30.html http://www.mozilla.org/security/announce/2...fsa2008-31.html http://www.mozilla.org/security/announce/2...fsa2008-32.html http://www.mozilla.org/security/announce/2...fsa2008-33.html Ссылка на комментарий Поделиться на другие сайты More sharing options...
Рекомендуемые сообщения
Заархивировано
Эта тема находится в архиве и закрыта для дальнейших ответов.