IBM Internet Security Systems Internet Threat Information

IBM Internet Security Systems Internet Threat Information http://www.iss.net en 2007 IBM Internet Security Systems. All rights reserved worldwide. Microsoft Windows Shell Could Allow Remote Code Execution http://www.iss.net/threats/373.html A vulnerability in Microsoft Windows exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed.. Fri, 23 Jul 2010 00:00:00 -0400 ACCWIZ Release-After-Free Remote Code Execution Vulnerability http://www.iss.net/threats/371.html A successful exploitation attempt results in code execution with privileges equal to the Microsoft Office program used as an attack vector. Restrictions in up-to-date versions of Internet Explorer prevent it being used as an exploitation vector. Tue, 13 Jul 2010 00:00:00 -0400 Microsoft Office Outlook Could Allow Remote Code Execution http://www.iss.net/threats/372.html A vulnerability in Microsoft Office Outlook can be remotely executed. By convincing users to open an attachment in a specially crafted e-mail message, a remote attacker could execute arbitrary code on the system. Tue, 13 Jul 2010 00:00:00 -0400 Microsoft Windows Help and Support Center Could Allow Remote Code Execution http://www.iss.net/threats/370.html Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution Mon, 14 Jun 2010 00:00:00 -0400 Improper Validation of COM Objects in Microsoft Office http://www.iss.net/threats/368.html Microsoft Office applications fail to properly validate COM objects embedded in compound documents.  This allows attackers to bypass the security settings of Office and embed known flawed objects in Office files.  Upon exploitation of the pre-existing flaws in these controls, attackers can achieve arbitrary code execution. Tue, 08 Jun 2010 00:00:00 -0400 Flash Player, Adobe Acrobat and Acrobat Reader Remote Code Execution http://www.iss.net/threats/369.html A vulnerability in Flash Player, Adobe Acrobat and Acrobat Reader can result in remote code execution.  IBM ISS customer's have been protected preemptively since 2008 from this exploit with protection listed below. This vulnerability was discovered being exploited in the wild on June 4, 2010, and publicly acknowledged by Adobe on June 4, 2010.  A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.. Mon, 07 Jun 2010 00:00:00 -0400