Lowyat.NET: Latest topics by sykhairuldin

[WTS] MyDear Safety Gate Extension

sykhairuldin — Wed, 02 May 2012 15:48:46 +0800

Item(s): MyDear Safety Gate 14cm Extension

Package includes: Box with item itself. Extension gate ONLY. Not the safety gate.

Price: RM40 Retail at RM 49.90 !!

Warranty: No warranty

Dealing method: COD (USJ/Shah Alam/Klang)

Location of seller: Klang

Contact method/details: PM me

Age of item: New

Item(s) conditions: Good

Reason for sale: Bought extra. Over estimate stairs wide.

Pictures:From MY DEAR site http://www.mydear.com.my/

[attachmentid=2820248]

[attachmentid=2820251]

[addedon]May 2, 2012, 3:50 pm[/addedon]Apologize to admin if posting this topic to wrong section since there are no 'Garage Sales' for Parenting.

Thanks

Microsoft Office Excel 2002 Buffer Overflow

sykhairuldin — Thu, 14 Oct 2010 12:52:23 +0800

Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow vulnerability

Description:
A stack based buffer overflow vulnerability in Microsoft Excel 2002 (Office XP) can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension. The vulnerability results from improper parsing of a PivotTable Cache Data record. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

Vulnerable Systems:
* Microsoft Excel 2002 (Office XP SP3)

Exploit:

» Click to show Spoiler - click again to hide... «

Solution/Patch Availability:
Refer to the Microsoft bulletin "Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution".
http://go.microsoft.com/fwlink/?LinkID=196275&clcid=0x409

CVE Information:
CVE-2010-2562

Adobe Reader 9.3.4 Memory Corruption

sykhairuldin — Thu, 14 Oct 2010 12:36:24 +0800

Adobe Reader Multiple Memory Corruption DoS Vulnerability

Version 9.3.4 of Adobe Reader is vulnerable to multiple memory corruption vulnerabilities.
Vulnerable Systems:
* Adobe Reader 9.3.4

By sending specially crafted PDF files it is possible to cause memory corruption in the 3difr and AcroRd32.dll modules. Both issues trigger a null pointer condition which results in an access violation. The issue in AcroRd32.dll is triggered when Adobe Reader is closed.

Exploit:

» Click to show Spoiler - click again to hide... «

It may be possible to exploit these vulnerabilities to execute arbitrary code under the context of the user running Adobe Reader.

CVE Information:
CVE-2010-3630

Solution:
Update your Adobe Reader accordingly to a higher version or Adobe Reader 9.4

Microsoft patches 49 security vulnerabilities

sykhairuldin — Thu, 14 Oct 2010 11:57:31 +0800

Microsoft patches 49 security vulnerabilities in massive release

Microsoft released 16 security bulletins Tuesday to repair 49 security vulnerabilities, including six critical ones, in a record-setting patch release.

The massive update includes critical fixes for Internet Explorer, Windows and the Microsoft .NET Framework. It also includes an update to fix a vulnerability exploited by the Stuxnet Trojan, malware that seeks out Siemens industry control system software.

Tuesday's patch release breaks the previous record of 34, which was first set in October 2009 and matched in August, according to McAfee.

A cumulative update for Internet Explorer, MS10-07 repairs 10 security vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer, according to Microsoft.

The vulnerabilities are easy for attackers to exploit, said Wolfgang Kandek, chief technology officer at Redwood Shores, Calif.-based Qualys Inc. "This is what you might want to patch as quickly as possible," he said.

MS10-076, which fixes a vulnerability in a Windows component -- the Embedded OpenType (EOT) Font Engine -- also is easily exploited by attackers because it doesn't require a lot of interaction by the user, Kandek said. Microsoft said an attacker who exploits the flaw could take complete control of a system remotely.

Jason Miller, data and security team manager at Saint Paul, Minn.-based patch management firm Shavlik Technologies, said MS10-071 and MS10-076 are the two bulletins that should raise an alarm for administrators. It's critical to patch any Web browser vulnerability quickly because malicious websites that exploit unpatched browsers are a common attack vector, he said. EOT is commonly font used on webpages, he noted.

Rated by Microsoft as "important," MS10-073 repairs several vulnerabilities in the Windows kernel-mode drivers, including an elevation of privilege vulnerability related to Stuxnet. According to Microsoft, an attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Kandek said Stuxnet used the flaw to get administrator privileges on a system and take control of it. Tuesday's update fixes the vulnerability in Windows XP but not Vista, he said. Microsoft said it will release a second and final update to repair elevation of privilege vulnerabilities exploited by Stuxnet in an upcoming bulletin.

Microsoft's September update included a fix for a critical print-sharing vulnerability actively targeted in the wild by the Stuxnet Trojan outbreak in July. The company also issued an emergency patch July 30 to repair a zero-day vulnerability in the Windows Shell that was being used by Stuxnet.

Stuxnet's sophistication has impressed security researchers, Kandek said. It adapts to different situations using a blend of vulnerabilities, he said. "It's very smartly put together."

MS10-077, rated as "critical," fixes a vulnerability in Microsoft .NET Framework that could allow remote code execution on a client system if a user views a malicious webpage using a Web browser that can run XAML Browser Applications (XBAPs), Microsoft said. Shavlik's Miller noted that the flaw only affected 64-bit operating systems.

Overall, this month's security bulletins from Microsoft affect only older software, Miller said. For example, the Internet Explorer 7 and 8 are not affected by the security vulnerabilities addressed in the cumulative IE patch. He recommended organizations upgrade to newer software, if possible.

With Tuesday's update, Microsoft has released 86 security bulletins so far this year, compared to a total of 74 last year, he said.

Microsoft Windows Media Player Vulnerability

sykhairuldin — Thu, 14 Oct 2010 11:25:35 +0800

Microsoft Windows Media Player CVE-2010-2745 Remote Code Execution Vulnerability

Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted media content.

An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application, which can compromise the application and possibly the computer.

The issue affects the following:

Windows Media Player 9 series
Windows Media Player 10
Windows Media Player 11
Windows Media Player 12

The following exploit code:

» Click to show Spoiler - click again to hide... «

Solution:
Microsoft has released an advisory and updates to address this issue. Please see the references for more information.

» Click to show Spoiler - click again to hide... «