Microsoft Google

Microsoft’s Google , so funny

http://www.schlabonski.de/bilder/msgoogle.png

Yahoo Messenger YMailAttach ActiveX Control Heap Corruption

Yahoo Messenger is “a instant messaging application that allows users to chat online, share files, conduct PC to PC calls and more”.
Remote exploitation of a heap corruption vulnerability in Yahoo Inc.’s Yahoo! Messenger could allow malicious web sites to execute arbitrary code with the privileges of the currently logged in user.

Public Advisory in iDefense : http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=456

MS Outlook Advanced Find -Remote Code Execution

Microsoft Outlook is “a popular personal communication manager that provides end users with a unified place to manage e-mail, calendar and contact information”.
As part of its standard offering, Outlook also includes an Advanced Search facility (Finder.exe) enabling end-users to query any aspect of their repository information. Unfortunately, it transpires that Outlook/Finder is susceptible to a remote Buffer overflow vulnerability, when processing the contents of a specially crafted Office Saved Search (.oss) file.

http://www.computerterrorism.com/research/ct09-01-2007.htm

Fedora Core 6 Starter Guide

my box !

This guide now being maintained by the Linux Center of University of Latvia, and everyone else who is willing to contribute.
http://ubuntuguide.org/wiki/Fedora_fc5

Adobe Reader

Adobe Reader Remote Heap Memory Corruption – Subroutine Pointer Overwrite
Piotr Bania has reported a vulnerability in Adobe Reader, which can
potentially be exploited by malicious people to compromise a user’s
system.
The vulnerability is caused due to an unspecified error when processing
PDF files. This can be exploited to cause a heap corruption and may
allow execution of arbitrary code when a specially-crafted PDF file is
opened.
The vulnerability is reported in version 7.0.8 and prior. Other versions may also be affected.
http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt
http://secunia.com/advisories/23666/

Poor ActiveX Handling in IE by Cephexin

the Cephexin :
Heyyaa there,
Long time no see!?
I’ve come to explain you a bug on ActiveX supporting in IE.
I was working on a SSH Authentication Bypass vulnerability that suddenly one of the friends on MSN buzzed me to write about ActiveX, so I leaved that and got surfing through the web.
I found the below bug interesting. It’s a simple heap overflow which is tested on the IE v6.00. You set this property on the browser and the result is a crash. It’s going to be a different heap overflow (than the others found in iexplore.exe), because it’s hard to detect this bug unless Heap Verification has been enabled in the Global Debug Flags for iexplore.exe. After iterating of this property set around 128 times or more, you’ll reach a possibly exploitable heap corruption …

See That http://blog.secumania.com/?p=7
what kind of nerd are you!

Well

i will write something about security and IT.
my English language isn’t very good ! , so sorry about this, so just read it as kiddy