Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
14 January 2013
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not
properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Posted on 21 October 2014. | Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.
Posted on 15 October 2014. | Lynis unearths vulnerabilities, configuration errors, and provides tips for system hardening. It is written in shell script, installation is not required and can be performed with a privileged or non-privileged account.
Posted on 14 October 2014. | Enabling employees and contractors to bring their own devices to work has become a way of life for many organizations. Many understand that traditional perimeter security defenses are not effective at identifying attacks on mobile devices.
Posted on 13 October 2104. | Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.