Last Updated: 2007-12-21 05:09:23 UTC
by Stephen Hall (Version: 2)
We have been working with Microsoft and a couple of our readers on an issue they have been having with MS07-069 and IE crashing after the roll up patch for IE has been installed.
So if you have a customised installation and have been having IE issues since MS07-069, this could be your solution.
Microsoft has released an update to fix this problem. You can find it here. (thanks Susan).
Last Updated: 2007-12-19 18:42:13 UTC
by Tom Liston (Version: 1)
Ok... so UNDOUBTEDLY there is something wrong with me, but I found this to be particularly funny:
CyberLover.ru, a site out of Russia, is selling a "hot, sexy" chatbot that they claim can trick unsuspecting men into divulging personal information, using any of 10 different personalities. They claim that their bot is so realistic that it can get victims to hand over phone numbers, addresses, photos, and more.
For years now, I've suspected that several of the ISC Handlers, who I know only via our Sooper Sekret Online Chat Room, are actually cunningly crafted perl scripts-- now I have some circumstantial evidence supporting that theory.
So.... the next time the Handler's chat starts getting all "frisky," I'm keeping my credit card numbers to myself...
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
Last Updated: 2007-12-19 07:44:21 UTC
by Maarten Van Horenbeeck (Version: 1)
Adobe has released updates which fix several critical vulnerabilities in Flash Player and GoLive.
Flash Player 220.127.116.11, 18.104.22.168 and 22.214.171.124 and earlier are affected by CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246 and CVE-2007-5476.
Several of the issues resolved are input validation errors, which could allow an attacker to execute arbitrary code through content delivered from a web location. This update resolves issues reported on various platforms (Mac OS, Linux, Windows). Adobe strongly recommends users of this version to upgrade to Flash Player 126.96.36.199 which can be downloaded from a link in their bulletin.
GoLive 9 and GoLive CS2 are affected by CVE-2007-2244 and CVE-2007-2365. These vulnerabilities are somewhat more difficult to exploit, but they can be exploited by convincing a user to include crafted BMP, DIB, RLE or PNG content into a GoLive document. Impact remains execution of arbitrary code, so we strongly recommend implementing the update.
Last Updated: 2007-12-19 03:09:47 UTC
by Stephen Hall (Version: 1)
HP released a vulnerability notice to Bugtraq on the 15th December indicating that :
A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.
Well, we received an e-mail from our good friend Raul Siles which indicate that this is potential more serious than a 'potential vulnerability' as POC code exists which grants remote access.
A workaround which disables HP Info Center is being hosted here: