A patch for the cross-zone scripting vulnerability in Skype is still not
available. As I mentioned in my first advisory, Skype renders HTML pages in
several dialogs.
One of these dialogs is used by a feature called "SkypeFind". This feature,
available from version 3.1, allows Skype users to promote an
> I want to share some of our thoughts on Skype security.
> I will try to be short: Skype has a feature which allows a user to insert a
video into his mood - video selection is done through Skype partners and is
based on regular WEB functionality.
> So this feature practically inherits WEB's prob
On Jan 3, 2008 12:48 PM, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> Note that any person familiar with the dialog is unlikely to be confused
> by this prompt, as a clear indication of the originating site, consistent
> with the design of this dialog, is preserved ("...at
> http://avivraff.com")
Summary
Mozilla Firefox allows spoofing the information presented in the basic
authentication dialog box. This can allow an attacker to conduct phishing
attacks by tricking the user into believing that the authentication dialog box
is from a trusted website.
Affected versions
Mozilla Firefox v2.0.0.1
Google Toolbar allows spoofing the information presented in the dialog which
is being displayed when adding a new Google Toolbar button. This can allow
an attacker to convince the users that his button comes from a trusted
domain. This button can then be used to download malicious files or conduct
CSRF can be used to cause denial-of-service attacks against mobile phones by
flooding the phone with SMS and service messages.
Mobile phone service providers in Israel, and throughout the world, provide
a web interface to send SMS messages. Fortunately, they limit the SMS
sending web interface to
Hi,
This is actually a 3-year-old vulnerability.
It can also be used to open any type of file (with .exe extension) using its
external application, instead of opening it with the associated browser
plug-in (if exists).
E.g. I've been able to use this old vuln to automate the PDF attack vector
fou
Hi,
This is a cross-zone scripting vulnerability.
FeedReader uses the IE browser control to render HTML.
The RSS reader converts the RSS item data to a formatted HTML file and
caches it locally.
When the user clicks on the RSS item, the RSS reader displays the local
cached file, and any script in
Hi,
Version 6.5.3.12 is still vulnerable.
The only good solution I see here is that AOL will lock down Local Zone.
Ready, AIM, fire! http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx
--Aviv.
-Original Message-
From: Core Security Technologies Advisories [mailto:[EMAIL PROTECTED]
Sen
Great overview, Todd!
I just wanted to mention that MS downplayed the vulnerabilities I
found in Vista's Sidebar gadgets.
In my blog post
(http://aviv.raffon.net/2007/08/16/VistaGadgetsGoneWild.aspx), I've
demonstrated a scenario where a worm can be propagated by exploiting the
vulnerability
Hi Robert,
Protected Mode and UAC are different security features.
But even so, it is possible to access local resource ("res://") links
with Protected Mode and UAC features enabled. You can test it yourself here:
http://www.raffon.net/research/ms/ie/navcancl/cnn.html or watch the demo
video
Summary
Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its
local resources. In combination with a design flaw in this specific local
resource it is possible for an attacker to easily conduct phishing attacks
against IE7 users.
Affected versions
- Windows Vista - Internet Exp
The new version of Internet Explorer is vulnerable to a DLL-load
hijacking. When IE7 is executed it will load several DLL files. While
trying to load some of those files, it does not provide the full path
of the DLL file to the function which loads the DLL file to the
memory, and therefore Windows
Exploits for browser vulnerabilities are here to stay.
Most security products today are using reactive methods (signatures)
to detect the specific exploit, instead of trying to detect the
general case of the vulnerability exploitation. I already demonstrated
that evading those signatures is very e
-Original Message-
From: Pukhraj Singh [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 28, 2006 7:37 AM
To: avivra
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures
The code for exploiting the unpatched VML vulnerability is in-the-wild
for a week or so. This was enough time for Anti Virus, IPS/IDS and
other reactive security products' vendors to create a signature for
the in-the-wild exploit.
So, I put my hand on one of the in-the-wild and tested it using Vir