[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: The Rise of the =?windows-1252?Q?=93Blackhole=94_Exploit_Kit?= =?windows-1252?Q?=3A_The_Importance_o
From: Susan Bradley <sbradcpa () pacbell ! net>
Date: 2012-07-20 6:04:45
Message-ID: 5008F4FD.5010708 () pacbell ! net
[Download RAW message or body]
The Rise of the “Blackhole” Exploit Kit: The Importance of Keeping All
Software Up To Date - Microsoft Security Blog - Site Home - TechNet Blogs:
http://blogs.technet.com/b/security/archive/2012/07/19/the-rise-of-the-black-hole-exploit-kit-the-importance-of-keeping-all-software-up-to-date.aspx
As mentioned earlier, typically the Blacole exploit kit attempts to
exploit vulnerabilities in applications such as Adobe Flash Player,
Adobe Reader, Microsoft Data Access Components (MDAC), the Oracle Java
Runtime Environment (JRE), and other popular products and components,
including:
* CVE-2006-0003
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0003> -
Unspecified vulnerability in the RDS.Dataspace ActiveX control in
Microsoft Data Access Components (MDAC)
* CVE-2007-5659
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5659> -
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier
* CVE-2008-2992
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2992> -
Adobe Reader "util.printf" Vulnerability
* CVE-2009-0927
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0927> -
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9
(multiple versions) allows remote attackers to execute arbitrary code
* CVE-2009-1671
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1671> - Java
buffer overflows in the Deployment Toolkit ActiveX control in
"deploytk.dll"
* CVE-2009-4324
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324> -
Adobe Reader and Adobe Acrobat "util.printd" Vulnerability
* CVE-2010-0188
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188> -
Adobe Acrobat Bundled Libtiff Integer Overflow Vulnerability
* *CVE-2010-0840
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840> - Sun
Java JRE Trusted Methods Chaining Remote Code Execution Vulnerability*
* CVE-2010-0842
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842> - Java
JRE MixerSequencer Invalid Array Index Remote Code Execution
Vulnerability
* CVE-2010-0886
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886> -
Vulnerability in the Java Deployment Toolkit component in Oracle Java SE
* CVE-2010-1423
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1423> - Java
argument injection vulnerability in the URI handler in Java NPAPI plugin
* CVE-2010-1885
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885> -
Microsoft Help Center URL Validation Vulnerability
* CVE-2010-3552
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552> - Sun
Java Runtime New Plugin docbase Buffer Overflow (aka "Java Skyline
exploit")
* CVE-2010-4452
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452> - Sun
Java Applet2ClassLoader Remote Code Execution Exploit
* CVE-2011-2110
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2110> -
Adobe Flash Player Unspecified Memory Corruption Vulnerability
* CVE-2011-3544
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3544> -
Vulnerability in the Java Runtime Environment component in Oracle
Java SE JDK and JRE 7 and 6 Update 27 and earlier
---
When posting or replying to messages on this list, please send all
emails in plain text format. HTML formatted messages will not be accepted.
PatchManagement.org is hosted by VMware
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic