Category Archives: IBM

IBM

Microsoft Windows OLE code execution

This particular vulnerability is in the Microsoft Windows OLE package manager.  One of the common exploit paths witnessed is delivered via in a Powerpoint Show file (the .PPTS extension) and renders objects outside the viewable area capable to execute arbitrary code on an impacted system (Windows 2012 Server, Windows Vista, Windows 7 and Windows 8).

Read more

OpenSSL heartbeat information disclosure

A serious vulnerability in the popular open source cryptographic library OpenSSL has been disclosed and Proof-of-Concept (POC) exploit code is publicly available. This affects deployments using 1.0.1 and 1.0.2-beta releases with TLS heartbeat extension enabled. Successful exploitation allows an attacker to remotely read system memory contents without even needing to log on to the server. It is highly advised to update all the affected products as soon as a patch for the particular product is available and to proactively get updates from the affected vendors.

Read more