Previous
Microsoft Security Bulletin MS02-039
Downloads The first two are buffer overruns. Mitigating factors: Buffer Overruns in SQL Server Resolution Service: SQL Server 2000 runs in a security context chosen by the administrator at installation time. SQL Server 2000 introduces the ability to host...
[July 25, 2002, 8:00]
Can OpenBSD really eliminate buffer over-runs?
News How significant are buffer overruns? Of course, this heavy incidence of buffer overruns isn't unique to OpenBSD or even to Unix. The bottom line is that buffer overruns are the cause of many security flaws and software vulnerabilities, and any work...
[April 28, 2003, 7:54]
Spat over MS 'flaw' gets heated
News A program built using the GS flag option runs additional instructions that can catch some of a class of security flaws known as buffer overruns. While the statement implies the existence of a vulnerability that makes the feature ineffectual, in...
[February 18, 2002, 13:03]
Lowdown on latest MS security bulletin
News Two are buffer overruns involving the Resolution Service and affect either the stack or the heap. MS02-039 -- Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution MS02-037 -- Server Response to SMTP Client EHLO Command...
[August 6, 2002, 13:50]
MSDN Webcast: Writing Secure Code: Best Practices (Part 2 of 2) ( Level 200)
White Papers The presenter of this webcast discusses common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks and how to effectively defend against these threats.
[August 1, 2007, 1:00]
First virus hits 64-bit Windows
Talkback The DEP or NX enhancements to AMD64 processors and which should be in Intel processors next year, are, as far as I am aware, for buffer overruns and programs trying to illegally execute code which has been hidden in data segments.
[August 24, 2004, 10:23]
Microsoft Internet Explorer 5.5 SP1 Security Update Malformed vCard
Downloads When the recipient opens the vCard, the data overruns the buffer. This vulnerability exists because the component in Outlook and Outlook Express that processes the vCard (virtual business card) has an unchecked buffer (a temporary data storage area...
[February 22, 2001, 7:00]
Microsoft patches ten IIS vulnerabilities
News Some of the vulnerabilities are buffer overruns that can allow attackers to run arbitrary code on the server or to open the servers to host, or be the target of, denial of service attacks. IIS 4.0 (Windows NT 4.0)--Active Server Pages (ASP) ISAPI...
[April 29, 2002, 13:39]
New Windows flaw similar to MSBlast bug
News The first two flaws are buffer overruns, which allow a hacker to take over a computer by swamping it with data. By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the...
[September 11, 2003, 10:57]
Oracle plugs six database holes
News Buffer overflows, or overruns, occur when an application does not handle memory correctly. The current flaws include four critical buffer overflows in various components of Oracle's database server software, including its latest Oracle 9i Release 2.
[February 19, 2003, 7:41]
Microsoft aims to increase time between patches
News Even if you take down the firewall, XP SP2 now has memory protection that filters buffer overruns. It was a buffer overrun and it scanned for other systems to infect. We want to change the rules so even when a hacker can exploit a buffer overrun he...
[November 18, 2004, 11:35]
Perl warnings toned down
News Typically in Perl you don't have to worry about buffer overruns. The sprintf bug fixes the problem that could cause a buffer overflow and unlock a vulnerable system for an attacker. Perl. These updates ensure that such flaws can't be used as a...
[December 16, 2005, 9:10]
Microsoft taught security by open-source community
News Let me answer [like] this -- buffer overruns, we know how to fix them now," Stathakopoulos said. Microsoft's global director of product security, George Stathakopoulos, has told ZDNet Australia that the software giant has learned security lessons...
[May 7, 2003, 12:10]
Microsoft warns of Office, IE security risks
News The new bugs are buffer overruns for Gopher and for Active X controls, a problem in HTML directives displaying XML data, a bug in file downloads, a cross-domain verification vulnerability, and a variant of cross-site scripting.
[August 23, 2002, 7:43]
Microsoft confirms Longhorn server
News Rudder promised that Microsoft will bring to its products some of the techniques it has found for preventing common breaches such as buffer overruns. Microsoft on Tuesday confirmed that there will be a server version of Longhorn, the next major...
[October 29, 2003, 9:10]
Gates reassures customers over security
News On the desktop, major security improvements will be made to Windows XP with the upcoming release of Service Pack 2, including default use of Windows' built-in firewall and memory management technology to limit exploitation of "buffer overruns," a...
[April 1, 2004, 11:30]
Web at risk from new MS flaw
News The module, known as the Indexing Service ISAPI Filter, does not properly check for buffer overruns, a common problem in software. Microsoft said Monday that a "serious vulnerability" in its flagship Web server software used by computers running...
[June 19, 2001, 8:30]
Developer tools to launch with XP Service Pack 2
News The company has enhanced its firewall and made changes in how Windows interacts with a computer's memory to prevent "buffer overruns," a commonly used technique by malicious code. Microsoft is readying updates to its programming tools that will be...
[March 1, 2004, 8:40]
Study lauds open-source code quality
News This last problem is often associated with buffer overruns, a major weakness that under some circumstances can let an attacker take over a computer. A consulting group that scrutinises the source code underlying several operating systems has found...
[February 20, 2003, 7:42]
Windows XP SP2 more secure? Not so fast review
Reviews No more buffer overruns? A buffer overflow is the method the Sasser worm used to infect PCs. Microsoft used this release to harden its operating system; in other words, Microsoft recompiled all its Windows system binaries to include a new flag, GS...
[August 17, 2004, 13:55]
