We are going to see Firefox 2.0.0.13 probably by end of this week. Check out this directory transversal code using view-sources: & resource: scheme
view-source:resource:///
translate to file:///C:/Program%20Files/Mozilla%20Firefox/

You can read/include firefox pref settings with this code. <script src=”view-source:resource:///greprefs/all.js”></script>

Workaround

Install No-script Add-ons.

Credits

Ronald van den Heetkamp at 0×000000

External Links

• Firefox 2.0.0.12 Information Leak POC

A JavaScript Buffer Overflow in Adobe Acrobat, Acrobat 3D & Reader allowed remote attacker to execute arbitrary code. The code will run with the privileges of the target user opening the PDF document.

Excerpt from iDefense Public Advisory;

Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code.

Workaround

Disabled Adobe Reader & Acrobat JavaScript. Perform Update ↓

Update -Adobe Acrobat & Reader version 8.1.2

Adobe released version 8.1.2 of Adobe Reader, Acrobat & Acrobat 3D to address
these vulnerabilities.

• Adobe Reader 7 and 8 users update to Adobe Reader 8.1.2
• Acrobat 8 users on Windows update to Acrobat 8.1.2
• Acrobat 8 users on Macintosh update to Acrobat 8.1.2
• Acrobat 3D version 8 users on Windows update to Acrobat 3D version 8.1.2

These vulnerabilities were discovered by Greg MacManus of VeriSign iDefense Labs.

Related Posts

• How to safely remove AcroRd32Info.exe (Adobe Reader)

External Links

• Security update available for Adobe Reader and Acrobat 8 (APSA08-01)

Apple QuickTime contains a stack buffer overflow vulnerability in the way it handles the RTSP Content-Type header. This vulnerability may be exploited by specially crafted RTSP stream protocol

Live Example

• GNUcitizen- Backdooring QuickTime Movies
• Apple QuickTime redirection to the RTSP exploit

Elia Florio (Symantec) wrap a good introduction post regarding QuickTime 0 day Exploit.

Known Vulnerabilities Proof of concept (milw0rm).

• Apple QuickTime 7.3 RTSP Response Content-Type Header Stack Buffer Overflow exploit
• Apple QuickTime Remote stack rewrite exploit for Internet Explorer 6 & 7
• Apple QuickTime 7.2/7.3 RTSP Response Universal Exploit (IE7/FF/Opera)
• Apple Quicktime (Vista/XP Sp2 RTSP RESPONSE) Code Exec Exploit

Workarounds

You may try the following workarounds, as there is no complete patch for this this vulnerability.

• Block TCP port 554 (optionaly 7070) and UDP 6970 through 6999 in your firewall
• Update Quicktime
• Disabled Apple Quicktime ActiveX control running in Internet Explorer (Windows registry file)
• For Firefox - Noscripts addons

Related Links

• RTSP - rfc2326 & RTP - rfc1889
• Apple Security Update on Safari 3 Beta Update 3.0.4
• NVD Database - Buffer overflow in Apple QuickTime
• Microsoft KB240797 - How to stop an ActiveX control from running in Internet Explorer