Posts Tagged 'Zero-Day'

On March 24, Microsoft released Security Advisory 2953095 for Microsoft Word. In-the-wild exploitation of this vulnerability has been observed across limited, targeted attacks. The flaw is a memory-corruption vulnerability that can be invoked when parsing specially crafted RTF files or data. Successful exploitation can give an attacker the ability to run arbitrary code (via remote […]

On February 19, Microsoft released Security Advisory (2934088) for Microsoft Internet Explorer. This vulnerability was previously reported, by 3rd parties, during the 2nd week of February 2014. In-the-wild exploitation has been observed (at least) back to early January 2014. Specifically, the flaw is a use-after-free condition during Internet Explorer’s processing of specific CMarkup objects. We […]

On February 4, Adobe released an out-of-band update for Adobe Flash Player. The update addresses a critical remote code execution vulnerability that is being actively exploited in the wild. The update applies to Windows, Mac OS X, and Linux. We are currently analyzing details and indicators. Watch this space for updates, indicators, and more information […]