Security Vulnerability Research & Defense : March 2008

March 2008 - Posts

Tuesday, March 11, 2008 1:40 PM

MS08-015: Protocol Handler and its Default Security Zone

MS08-015, CVE-2008-0110, addresses a vulnerability in Microsoft Outlook’s implementation of “mailto” URI handling. The attack can be launched via IE or other applications which invoke the “mailto” protocol. Applications can register pluggable protocol

Posted by swiblog | (Comments Off)

Filed under: Mitigations, registry, security zones, protocol handlers

Tuesday, March 11, 2008 1:35 PM

MS08-014 : The Case of the Uninitialized Stack Variable Vulnerability

MS08-014, CVE 2008-0081, addresses a vulnerability in Excel whose root cause is an uninitialized stack variable. You probably have seen these types of compiler warnings before: C:\temp>cl stack.cpp Microsoft (R) 32-bit C/C++ Optimizing Compiler Version

Posted by swiblog | 3 Comments

Filed under: compiler warnings, uninitialized variable

Security Vulnerability Research & Defense

This Blog

Syndication

Search

News

Blogroll

Report a Vulnerability to Microsoft

Tags

Recent Posts

Archives

March 2008 - Posts

MS08-015: Protocol Handler and its Default Security Zone

MS08-014 : The Case of the Uninitialized Stack Variable Vulnerability