Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Wolfgang Kandek. CTO Qualys: 0-day Vulnerabilties for Internet Explorer and Flash/Reader

November 2010 by Wolfgang Kandek, CTO Qualys

Microsoft published an advisory warning of an 0-day vulnerability in Internet Explorer affecting versions 6,7 and 8. Data Execution Prevention (DEP), a security feature first implemented in 2005 currently prevents the exploit from executing successfully. IE8 users have DEP enabled by default and are protected. According to Microsoft, only a single website was found to host the exploit, but others are soon expected.

Upgrading to IE8 with DEP is highly recommended.

Last week Adobe acknowledged a 0-day flaw in their standalone Flash product and in the embedded Flash player in Adobe Reader. Exploits found in the wild are currently limited to PDF files. Adobe’s mitigation instructions are to delete the embedded Flash player and detailed steps are given for Windows, Mac OS X and Linux. Adobe will publish a fix for Flash this week and has given mid-November as a date for the Reader fix.

We will keep you updated as further news comes out.

SRD Blog entry from Microsoft
PDF malware details at Contagio

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts