tag
ASLR

Aprovechamiento de vulnerabilidades de Windows en 2013

Este post es una traducción y adaptación de su versión original en We Live Security En el último año, Microsoft (MS) corrigió una gran cantidad de vulnerabilidades para Windows y sus componentes, así como para Office. Algunas de estas vulnerabilidades eran utilizadas por atacantes para propagar códigos maliciosos antes de que estuviera disponible la revisión para

CVE2012-1889: MSXML use-after-free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

CanSecWest: Mitigation versus Impregnability

Inevitably, CanSecWest  2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR [1]) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone. For details and extensive comment see: http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/ http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
19 Feb 2014
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.