Ok, za pocetak ovo:
Patch bulletin MS14-014 squashes a security bug in Silverlight that allows miscreants to bypass security protections – Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) – to make it easier to exploit other bugs.
Na koju foru bilo sta f*ckin Silverlightu moze da iskljuci DEP i ASLR??!?!?
Ah da, verovatno su MSFT programeri zaduzeni za Silverlight imali pristup celom OS-u #@*(&@# Ne bi me cudilo da zovu ntdll.dll posto svi znamo da je glorifikovanom framework-u za iscrtavanje gluposti na ekranu potreban pristup svemu u OS-u.
Ali pobednik je ipak...
Patch bulletin MS14-013 sorts out a flaw in the Windows DirectShow component, which incorrectly processed JPEGs allowing a maliciously crafted image to execute code on the victim's machine once opened. All supported versions of Windows are at risk except for Windows Server 2008 for Itanium and Windows RT.
Maliciozni JPEG, jos opasniji od malicioznog kursora :)
Ali, hej, Windows Server 2008 za Itanium i Windows Teletabis nisu rizicni... kontam da na njima nema DirectShow-a.
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey