Tag - Remote code execution
Microsoft released a security update for its Office for Mac 2011 software the latest release being v14.4.5. Resolving vulnerabilities, the update prevents the possibility of remote code execution if a specially crafted file is opened in an affected version. Attackers could gain the same user rights as the current user if successful, and subsequently install programs, view, change or delete data; or create new accounts with full user rights. Full details can be found in Mircosoft's latest security bulletin on the matter.
Mozilla on Tuesday posted Firefox 220.127.116.11, an update to its web browser that resolves several vulnerabilities, ranging from several benign problems, to critical bug fixes related to arbitrary code execution and remote control of a user's system. Among the major fixes are MFSA 2008-21, 2008-24, 2008-25, and 2008-33, which resolve crashes when memory is corrupted, Chrome script loading vulnerabilities, arbitrary code execution in a .loadSubScript() command, as well as crashing and remote code execution.
Apple on Wednesday released dozens of security updates part of its Mac OS X 10.5.3 update for Leopard and Security Update 2008-003(PPC Tiger client, Intel Tiger client, PPC Server, Universal Server) for Mac OS X Tiger, including critical bugs for remote shutdown, arbitrary code execution (multiple including JPG2000 issues), denial of service (via viewing PNG files), private information information disclosure (via SSL, Tiger Mail, Unicode, malicious BMP/GIF files and Image Capture) as well as a critical code execution bug for the continually updated Adobe Flash plugin. Apple also updated its Single Sign-On feature (CVE-ID: CVE-2008-1578) to prevent passwords from being supplied other local users.