Previous
Buffer Overflow Exploits: The Why and How
White Papers Buffer overflow exploits are pervasive, powerful, and easy to use. Buffer overflow exploits can be prevented. If programmers were perfect, there would be no unchecked buffers, and consequently, no buffer overflow exploits.
[November 3, 2005, 0:00]
Buffer overflow flaw found in open source MP3 player
News The software vulnerability may lead to an exploit in which a specially crafted MP2 or MP3 file could cause a memory problem called a "buffer overflow" that could allow an attacker to run malicious code.
[January 12, 2005, 7:50]
Microsoft Windows 2000 Patch: Hyperterminal Buffer Overflow
Downloads This update resolves the "HyperTerminal Buffer Overflow" security vulnerability in Windows 2000. If you receive and open an HTML e-mail message that contains a particularly malformed Web address (URL), the URL can be used to exploit this...
[October 24, 2000, 8:00]
Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow
White Papers Cisco Systems has released Cisco Security Advisory: Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow. This paper describes the Firewall Authentication Proxy (Auth-Proxy) feature and discusses the workarounds and...
[February 22, 2007, 0:00]
Transmeta adds buffer-overflow protection at chip level
News The "No Execute", or NX, technology is designed to help prevent a buffer overflow, a type of attack that involves overwhelming a computer's defence systems and inserting a malicious program in buffer, or temporary, memory.
[May 18, 2004, 9:00]
Trend Micro plugs buffer overflow bug
News Security solutions provider Trend Micro has released a fix for buffer overflow vulnerabilities found in its home user and corporate anti-virus packages. The bug is known to allow individuals to use a controlled buffer overflow to crash the anti...
[December 12, 2002, 12:17]
Steps Involved in Exploiting a Buffer Overflow Vulnerability Using a SEH Handler
White Papers This paper uses buffer overflow vulnerability in an application to overwrite the SEH handler. This paper will outline all the steps necessary to exploit such vulnerability, from detecting the point of buffer overflow in the application, to writing...
[May 16, 2009, 1:17]
Windows Me HyperTerminal Buffer Overflow Vulnerability
Downloads The product contains an unchecked buffer in a section of the code that processes Telnet URLs. If a user opened an HTML mail that contained a particularly malformed Telnet URL, it would result in a buffer overrun that could enable the creator of the...
[June 30, 2001, 7:10]
VCard security hole leaves Outlook users exposed
News The vulnerability is known as a buffer overflow, because it allows code to execute outside the program's normal perimeters. Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC) in Europe, said virus writers rarely use buffer...
[February 26, 2001, 11:17]
Playing silly buffers: How bad programming lets viruses in
News One of the most prevalent types of attack on networked computers is the buffer overflow. The processor can read and write it as usual so a buffer overflow can happen, but if the compromised address tries to transfer control to within the buffer...
[January 15, 2004, 16:40]
Your antivirus software has B.O. review
Reviews A few weeks ago, the Spanish antivirus vendor Panda had to deal with a serious problem: there was a buffer-overflow error within its antivirus library. Some vulnerabilities were quite rare: McAfee VirusScan, for instance, produced a buffer overflow...
[December 12, 2005, 10:35]
OpenOffice bug hits multiple operating systems
News Security experts have discovered TIFF-based buffer overflow vulnerabilities in OpenOffice.org that could allow attackers to remotely execute code on Linux, Windows or Apple Mac-based computers. This results in the allocation of a buffer of...
[September 25, 2007, 10:00]
AOL: Fix for critical IM flaw due this week
News AOL acknowledged on Tuesday that its Instant Messenger client is vulnerable to a buffer-overflow attack, and promised that a fix would be available to users within days. The vulnerability is caused due to a boundary error within the handling of...
[August 10, 2004, 15:20]
Malicious Code Protector: A New Approach for Detecting and Blocking Buffer Over?ow Attacks
White Papers While attack countermeasures have been developed to identify a buffer overflow attack after it has emerged, current solutions are unable to identify new attacks or variations on the attack. To solve this problem Check Point developed Malicious Code...
[March 2, 2005, 2:00]
OpenOffice confirms hack attack risk
News OpenOffice.org has confirmed a buffer overflow issue that could allow remote attacks. In an email sent to ZDNet UK sister site CNET News.com, Louis Suarez-Potts, community manager for OpenOffice, said that work on a fix for the buffer overflow...
[April 14, 2005, 12:40]
Unix/Linux shops -- beware of Kerberos hole
News The Kerberos Administration daemon (kadmind), which is used in connection with Kerberos authentication, contains a buffer overflow vulnerability in many implementations, mostly affecting Linux/Unix. CERT Advisory CA-2002-29, "Buffer Overflow in...
[November 11, 2002, 16:54]
Security hole leaves HP-UX wide open
News A remotely exploitable buffer overflow has been detected in HP-UX servers running the telnetd remote access daemon, which could crash the server or allow an intruder to gain root access. The buffer overflow is derived from BSD UNIX source code, and...
[October 19, 2001, 17:07]
Yahoo fixes Messenger transfer flaw
News A serious security bug in Yahoo's Instant Messenger, which could cause a buffer-overflow error and leave users' machines open to malicious code, was finally repaired on Thursday. A buffer overflow occurs when an application receives a string of...
[January 12, 2004, 11:45]
Yahoo patches Messenger, Chat flaws
News Yahoo on Friday issued security patches for its Yahoo Instant Messenger and Yahoo Chat clients in an effort to fix a buffer overflow vulnerability discovered in the software. A buffer overflow is a common security vulnerability in computer programs...
[June 2, 2003, 7:49]
Why you must install a firewall -- now review
Reviews MSBlast, the worm that exploited the buffer overflow in Windows' DCOM RPC protocol, wasn't the sort of email-borne pest that anti-virus software is good at catching. In July, for example, Microsoft reported and patched a buffer-overflow...
[October 17, 2003, 11:30]
