=
- Release date: November 11th, 2009
- Discovered by: Laurent Gaffié
- Severity: Medium/High
=
I. VULNERABILITY
-
Windows 7 * , Server 2008R2 Remote Kernel Crash
II. BACKGROUND
TPTI-09-07: Microsoft Windows License Logging Service Heap Corruption
Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-09-07
November 10, 2009
-- CVE ID:
CVE-2009-2523
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Windows 2000
-- TippingPoint(TM) IPS Customer
This vulnerability has already been disclosed at least a year ago. For
example, see the Day-con II presentation Viral Art: Writing a Blender
Virus linked to here:
http://www.day-con.org/2008/SCHEDULE_%26_SPEAKERS.html The
presentation develops a virus exploiting the same vulnerability.
05/11/2009
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
===
Ubuntu Security Notice USN-853-2 November 11, 2009
firefox-3.5, xulrunner-1.9.1 regression
https://launchpad.net/bugs/480740
===
A security issue affects the following
This flaw has been considered as unlikely to be exploited for HTTPS,
as it only allows the attacker to inject prefixes. By changing the
trick given by Marsh Ray, the attacker can increase his
possibilities. More detail, and an example of the use of a slightly
modified version of this PoC to steal
Before the vulnerability..
HP buys 3Com in mega $2.7 billion deal
http://www.scmagazineus.com/HP-buys-3Com-in-mega-27-billion-deal/article/157601/
HP plans to buy 3Com ($2.7b), which owns TippingPoint, which runs ZDI,
which has a 1128-day vuln in HP products: http://bit.ly/2HEonE