Vulnerabilities / Threats
1/31/2008
12:37 PM
Connect Directly
RSS
E-Mail
50%
50%

Malware for Windows Is Widespread

BitDefender Lab's top 10 malware list for January reveals domination of malware exploiting Microsoft Windows Graphics

BUCHAREST, Romania –– BitDefender®, a global provider of award-winning antivirus software and data security solutions, announced today that malware exploiting Microsoft Windows graphics dominated the BitDefender Top 10 Malware List for January 2008. According to BitDefender Labs, the malware exploiting Microsoft Windows graphics rendering an engine vulnerability detailed in MS06-001, which was patched post-SP2.

"It is probable that a large number of unpatched copies of Windows exist in the wild, mostly pirated ones which don't download patches to avoid dealing with activation, hence the continued 'popularity' of this exploit among virus writers," said Sorin Dudea, head of BitDefender AV Research.

BitDefender

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.