zero-day vulnerability
Hardware and Software Networking by alisandro13
Why can an exploit of a zero-day vulnerability be particularly devastating?

Re: zero-day vulnerability
Hardware and Software Networking by JorgeM
It is called a "zero-day" because the vulnerability is unknown to the vendor. This vulnerability is then exploited by hackers before the vendor is aware. Since the vendor is not aware, there is no fix for it at the time of the exploit. Depending on the exploit, I'd say there is a potential for a devastating result.

WARNING: new Adobe zero-day vulnerability in the wild
Hardware and Software Information Security by happygeek
… Adobe has admitted that there is yet another possible zero-day vulnerability in Adobe Acrobat and Reader, oh deep joy. …confirms "...Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and … [Symantec](….symantec.com/connect/blogs/zero-day-xmas-present) which discovered the vulnerability "the PDF files…

The no-patch Java 6 zero-day conundrum
Programming Software Development by happygeek
…www.daniweb.com/software-development/java/threads/449198/warning-new-zero-day-for-java-6u41-and-java-7u15). It's the…www.qualys.com/), calls an implicit zero-day vulnerability. Think of this as being where a vulnerability is known but there is no… then, that security vendors have seen this Java 6 zero-day exploit in the wild and even, according to F-…

WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by happygeek
…are warning that they have [detected a new zero-day vulnerability](http://blog.fireeye.com/research/2013/02/yaj0-yet…-another-java-zero-day-2.html) that is being used successfully in…exploit.
FireEye researchers state that:
> ...this vulnerability leads to arbitrary memory read and write in JVM process…

Microsoft will not patch Internet Explorer zero-day flaw on Tuesday
Hardware and Software Information Security by happygeek
… for a permanent fix to deal with the Internet Explorer zero-day exploit that surfaced during the seasonal holiday period is going… so after discovery is optimistic to say the least. The [zero-day vulnerability](http://support.microsoft.com/kb/2794220) in question affects users…

Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday
Hardware and Software Information Security by LastMitch
> The zero-day vulnerability in question affects users of versions 6, 7, and 8 …

Visual Studio zero-day exploit code in the wild
Hardware and Software Networking by happygeek
…advisory warning about a Visual Studio 2005 vulnerability in the WMI Object Broker ActiveX control, part …limited attacks that are attempting to use the reported vulnerability.” Limited, I would imagine, by the fact that… mitigate their exposure to this attack.” Indeed, any zero-day exploit that enables arbitrary code execution has to be…

Feedly Android JavaScript zero day found, fixed and can be forgotten
Programming Web Development by happygeek
…http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html) that the Feedly Android app, or at…17th 2014, had been subject to a zero-day JavaScript code injection vulnerability.
Jeremy reported the discovery to the … although there is currently no evidence that the zero day was exploited by anyone other than the researcher …

WARNING: Adobe Acrobat, Flash and Reader Zero Day Vulnerability
Hardware and Software Networking by happygeek
… of what it describes as a "critical vulnerability" which exists within the current versions of … Windows, Macintosh and Linux operating systems. The same vulnerability can be found within the authplay.dll component that … that there are "reports that this vulnerability is being actively exploited in the wild via limited,…

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by jwenting
… to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV…

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by bguild
… to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV…

Re: Linux Zero Day: JournalCtl and Syslog Terminal Escape Injection
Hardware and Software Linux and Unix by turboborland
… why I password protected it to prevent more caching. The vulnerability itself isn't that severe considering you have to use…

Re: Linux Zero Day: JournalCtl and Syslog Terminal Escape Injection
Hardware and Software Linux and Unix by happygeek
Just to clarify, I was sent the information about the vulnerability along with all the detail as a potential news story …

Re: The no-patch Java 6 zero-day conundrum
Programming Software Development by masijade
I'm fairly willing to bet that those Oracle customers with the correct support contract DO have a fix.

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by peter_budo
No flaming intended, however it would be nice once in a while if you wrote about something that got fixed. Open source community is doing their best to help to tackle all while trying to bring new stuff in.
World is not all negative... ;) PS: Can get you in touch with London open source community with influence on Oracle Java development, just ask.

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by happygeek
The world may not be all negative Peter, but security problems usually are. Would you rather people were not warned, in a timely fashion, of real world threats out there that could impact upon their data? Some things just cannot be sugar coated...

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by bguild
All security issues are some variety of design failure. No one can sneak into your computer through the internet without an invitation, so the big questions are what design failure in the JVM makes this theoretically possible, and what is being done about it? The good news that I want to hear is that Oracle has not only fixed the security hole, …

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by happygeek
...and worth reporting, no doubt about that! :)

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by peter_budo
Yes people should be warned, but there should also be a notice "Hey they fixed this..."

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by happygeek
When Oracle fixes it, really fixes it rather than keep using sticking plasters to try and stem an arterial bleed, then I will be the first to write a news story saying so. That said Peter, don't hold your breath :)

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by JamesCherrill
It seems Oracle have rushed out a quick fix (or maybe just a sticking plaster?) for this one...
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by happygeek
Comment from Lamar Bailey, Director of Security Research and Development at nCircle on the latest patch/fix:
> Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the …

Re: WARNING: New zero-day for Java 6u41 and Java 7u15
Programming Software Development by jwenting
you seem to misunderstand my point :)

Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday
Hardware and Software Information Security by silvercats
Do not use IE. Use Google Chrome, Firefox. IE is trouble

Re: Microsoft will not patch Internet Explorer zero-day flaw on Tuesday
Hardware and Software Information Security by Andrew54
I use Firefox browser.

WARNING: USB-based malware ignoring Windows AutoRun config
Hardware and Software Information Security by happygeek
… features. The bad news is that a new zero-day vulnerability could care less, and executes automatically anyway. The zero-day vulnerability in question was first spotted by Sergey Ulase, …that more malware will take advantage of the zero-day exploit used by the Stuxnet rootkit, taking …

Internet Explorer vulnerable on Windows 7
Hardware and Software Microsoft Windows by happygeek
So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened … as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios" …that new versions of Windows simply make exploiting the vulnerability harder, not impossible.
It becomes even more worrying…

VAServ hacker damages 100,000 websites
Hardware and Software Networking by happygeek
… access to a large Internet Service Provider, reportedly via a zero day vulnerability over the weekend, and destroy data from 100,000 websites… [stated](…/webhost_attack/) that the attackers apparently exploited a vulnerability in virtualisation software called HyperTM in order to gain access…

Unpatched Adobe exploit comes with 'no click' code execution
Hardware and Software Networking by newsguy
Adobe has yet to patch a critical zero-day vulnerability in Acrobat and Reader applications which is in the wild …