VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing
Sourcefire Vulnerability Report VRT-2013-1004 (CVE-2013-6490): Buffer overflow in SIMPLE header parsing Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of SIP/SIMPLE message handling. An attacker who can control the Content-Len
VRT-2013-1002 (CVE-2013-6489): Buffer overflow in MXit emoticon parsing
Sourcefire Vulnerability Report VRT-2013-1002 (CVE-2013-6489): Buffer overflow in MXit emoticon parsing Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of the Mxit protocol in the libpurple library. An attacker who can control
VRT-2013-1003 (CVE-2013-6486): Pidgin uses clickable links to untrusted executables
Sourcefire Vulnerability Report VRT-2013-1003: Pidgin uses clickable links to untrusted executables Description An exploitable remote code execution vulnerability exists in Pidgin's implementation of file:// URL handling. An attacker can supply a remote path which will be ev
Our coverage for the Recent Point of Sale Compromises
On December 19th, 2013, Target Corp announced that it fell victim to a very sophisticated cyber-attack that took place around the Thanksgiving holiday. This led to the theft of information pertaining to over 40 million credit and debit accounts used at their stores. As many peop
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
The first Microsoft Update Tuesday of 2014 is here and it’s a very light month this time around. We’ve got 4 bulletins covering 6 CVEs. What’s remarkable is that there’s no Internet Explorer bulletin this month. There are also no bulletins that are marked critical, all 4 bulletin
Microsoft Update Tuesday: December 2013, some 0-day fixes
Microsoft’s final update for the year brings us 11 bulletins covering 24 CVE issues. As is customary, there is the critical IE bulletin, MS13-097. This time it covers 7 CVE issues. As in other months, this includes a number of use-after-free issues that we’ve come to expect in
A quick tutorial on ClamAV detection: Win.Adware.Bprotector
Bprotector is a fairly popular yet unexceptional family of adware. The thing that distinguishes it from other families is its prevalence. A specific sample, first seen in October 2013, has consistently been on top for detection rates on our FireAMP and Immunet products. The follo
Microsoft Update Tuesday November 2013: Hyper-V vulnerability and fix for 0-day
We have a relatively light Update Tuesday this month: 8 bulletins covering 19 CVEs, 3 of which are marked critical. The most interesting vulnerability this month is actually in the non-critical ones: a vulnerability in Hyper-V (MS13-092). We’re also getting a fix for a 0-day vuln
Android Basic Block Signatures
Writing ClamAV signatures is a bit of an art. When matching bytes in a file, you need to make a selection that most, if not all of the malicious files will have, and hopefully, no clean files will have. Strings are an easy target. Often there are unique typos or a strange user-ag