Macrovision InstallShield Update Service ActiveX Unsafe Method Vulnerability iDefense Security Advisory 10.31.07 Oct 31, 2007 I. BACKGROUND MacroVision InstallShield is an installer solution utilized by many software vendors in order to ensure that their products are delivered and setup properly on the end-user systems. InstallSheild includes …

Read More…
Source: Full Disclosure

GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability

Read More…
Source: Security Focus

- - Gentoo Linux Security Advisory GLSA 200710-31 - - - - Severity: Normal Title: Opera: Multiple vulnerabilities Date: October 30, 2007 Bugs: #196164 ID: 200710-31 - - Synopsis Opera contains multiple vulnerabilities, which may allow the execution of arbitrary code. …

Read More…
Source: Full Disclosure

Re: Firefox / IE6 crash on javascript nested loops

Read More…
Source: Security Focus

[ GLSA 200710-31 ] Opera: Multiple vulnerabilities

Read More…
Source: Security Focus

rPath Security Advisory: 2007-0225-2 Published: 2007-10-26 Updated: 2007-10-29 added thunderbird update Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: firefox=conary.rpath.comatrpl:1/2.0.0.8-0.1-1 thunderbird=conary.rpath.comatrpl:1/2.0.0.6-0.2-1 rPath Issue Tracking System: References: Description: …

Read More…
Source: Full Disclosure

ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to “reading from invalid pointer.”

Read More…
Source: National Vulnerability Database

SkiifGeek writes “Didier Stevens recently took a closer look at some Internet Explorer malware that he had uncovered and found that most antivirus products that it was tested against failed to identify the malware through one of the most basic and straight forward obfuscation techniques — the null-byte. With enough null-bytes between each character of code, it is possible to fool all antivirus products (though additional software will trap it), yet Internet Explorer was quite happy to render the code. Whose responsibility is it to fix this behavior? Both the antivirus / anti-malware companies and Microsoft’s IE team have something to answer for.”Read more of this story at Slashdot.

Read More…
Source: Slashdot Org latest news headlines

Microsoft is warning users to avoid suspicious websites and emails after attacks were reported on an unpatched flaw in Internet Explorer 7. The company would not provide exact figures, but said that a "limited number " of attacks had been reported. The attacks target a vulnerability in IE7's handling of the uniform resource indicator (URI) commands used by browsers to launch third-party applications. Microsoft disclosed the vulnerability on 10 October, explaining that it arises when the browser fails to check malformed URI instructions in Windows XP and Server 2003. Windows Vista is not believed to be vulnerable. Security firm Secunia rated the vulnerability as 'highly critical', the fourth of its five severity levels View: The full story @ vnunet Read full story…

Read More…
Source: Neowin.net

Prism, a new Windows-only beta release from Mozilla Labs, lets users run web applications in separate, stripped-down browser windows, making them look and act more like desktop applications. Compiler has a first look.

Read More…
Source: Wired News