Zencurity

A vulnerability has been discovered in Internet Explorer 6 & 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error in iepeers.dll when handling invalid values passed to the "setAttribute()" function. This can be exploited to dereference invalid memory when a specially crafted web page using the "#default#userData" behavior is accessed. Successful exploitation allows execution of arbitrary code.

You should update to IE8 or set the Internet zone security setting to "High" or disable Active Scripting support.

The vulnerability is currently being actively exploited!

Link: http://httpd.apache.org/security/vulnerabilities_22.html

Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to gain access to potentially sensitive information, cause a DoS and potentially compromise a vulnerable system.

1. The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests.
2. The mod_isapi module unloads ISAPI modules before the request processing is complete, potentially leaving orphaned callback pointers behind. This can be exploited by sending a specially crafted request followed by a reset packet. Successful exploitation may allow the execution of arbitrary code with SYSTEM privileges on Windows systems.
3. An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used.

Update to version 2.2.15 as soon as it becomes available.

Link: http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

A vulnerability has been reported in Microsoft Data Analyzer, which can be exploited by malicious people to compromise a user's system. The vulnerability affects all Windows operating systems.

The vulnerability is caused due to an unspecified error in the Microsoft Data Analyzer ActiveX control (max3activex.dll). This can be exploited to cause a system state corruption and execute arbitrary code via a specially crafted web page.

Link: http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx

A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when parsing AVI files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation allows execution of arbitrary code.

Link: http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx

Tielei Wang has discovered a vulnerability in Microsoft Windows 2000, XP and Server 2003, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in Microsoft Paint when parsing certain image content. This can be exploited to cause a heap-based buffer overflow by tricking a user into viewing a specially crafted JPEG image.

Successful exploitation may allow execution of arbitrary code.