Sicurezza IT proattiva
 

Suriya Raj Natarajan & Diwakar Ganesan's entries

Suriya Raj Natarajan

Intermediate Malware Analyst

He has 3 years of experience in analyzing malware for antivirus companies and in web development .
He particular interest in encryption and reversing stuff.

 

Diwakar Ganesan

Intermediate Malware Analyst

He has 6.5 years of experience from analyzing malware for antivirus companies and in marketing.

Skype - URI Handler Input Validation   Commento [0]

Suriya Raj Natarajan & Diwakar Ganesan April 29, 2010

Date released: March 11, 2010

Affected software: Skype for Windows: All releases prior to v4.2.0.1.55 (v4.2 hotfix #1)

Provided and/or discovered by:
Paul Craig, Security-Assessment.com Ltd.
Independently reported by Anonymous via ZDI.

Description

The Windows Skype client version implements two URI handlers, Skype: and Skype-Plugins. Both URI handlers allow for easy browser desegregation and are supported by all modern browsers. When a Skype link is clicked, the skype.exe process is spawned with…

Ulteriori informazioni
Blog tags: Vulnerabilities / Exploits

Internet Explorer (6/7/8) Remote Code Execution - Remote User Add Exploit   Commento [0]

Suriya Raj Natarajan & Diwakar Ganesan March 04, 2010

Objective

A malicious web site can be crafted using an exploit code that will allow IE (Internet Explorer) to be compromised and allow code to be executed on your computer.

The more severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using IE. User accounts with limited privileges on the system could be less impacted than administrative users accounts with full user rights.

Affected platforms: Microsoft Internet Explorer (versions 6, 7 and 8)

 

How…

Ulteriori informazioni
Blog tags: Malware, Vulnerabilities / Exploits