Code execution flaws haunt OpenOffice

OpenOffice.org has shipped a new version of the open-source desktop productivity suite to patch a pair of highly-critical vulnerabilities that could expose users to arbitrary code execution attacks. The flaws, which affect all versions prior to OpenOffice.org 2.4.2, could be exploited via manipulated WMF and EMF files in StarOffice or StarSuite documents. The skinny:

[...]

Exploit published for Windows worm hole

Reliable exploit code for the remote code execution vulnerability patched with Microsoft’s MS08-067 update has been posted to the Internet, prompting a new “patch immediately” advisory from the Redmond software maker. The exploit, which has been added to the freely available Metasploit point-and-click attack tool, provides a roadmap for code execution on Windows 2000, [...]

CardCops: Stolen credit card details getting cheaper

The dynamics of the underground marketplace are pretty similar to those of the legitimate marketplace, with cybercriminals demanding and supplying, consolidating and starting to work together, and coming up with new monetization approaches in order to continue enjoying the high profit margins of their goods and services. The once highly exclusive market segment of [...]

Facebook worm finds a friend in Google Reader

The Facebook worm that has been squirming its way through the popular social network now has a new friend — Google Reader. According to researchers at Fortinet, the worm’s creators are wrapping Google’s RSS reader around fake video downloads as part of a strategy to strengthen the social engineering component of the attack. From Fortinet’s [...]

Talkback Tuesday: latest MS vulnerability

Everyone was discussing the MS08-067 vulnerability and its out-of-cycle patch last week. My post on the topic elicited several comments from our readers, including the following by frgough: If this had been Apple, the article slant would have been all about poor security models, inherently flawed structure with lots of adjectives like massive, dangerous, overconfident, etc. [...]