Showing 6 results for: January 2013 ×Zero-Day ×

Q&A w/ SpiderLabs Research: Java 0day CVE-2013-0422

Q: What's going on? People are talking about some Java 0day which threatens the whole world… Bring me up to speed, now! A: About a week ago, an independent researcher has reported a previously unknown (0day) Java vulnerability being used...

Microsoft Patch Tuesday, January 2013 - Part II

It's now official, there is another bulletin (MS13-008) release for the month of January and affected Microsoft Windows users should be expecting a out-band security patch soon. This out-of-band security patch fixes one memory corruption vulnerability discovered in Internet Explorer...

First Java 0day For The Year 2013

Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute malicious code on any desktop with Java 1.7 u10 (or prior) installed – which is the latest version from Oracle. After some...

Dissecting a CVE-2012-4792 Payload

A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system after it was infected via the exploit outlined in CVE-2012-4792. For those that may not have heard, this CVE has...

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint you. Microsoft will be issuing seven new bulletins next week, two of them are rated as 'Critical'. Both critical bulletins can result in...