The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. The techniques for automatic patch-based exploit generation, and show that some techniques can automatically generate exploits ...

It must be zero-day Wednesday. Microsoft and security researchers are investigating reports of several potentially serious bugs affecting Microsoft Office, made public just as Microsoft patched critical flaws in Windows XP, Vista and other software on Tuesday. The new bugs appeared in several security forums on Monday, and were reported by security ...

Metasploit has proof of concept code for exploiting MS06-040. The countdown to the worm begins. Exploit Module: netapi_ms06_040 [MetaSploit.com] Original post by Security Wonk and powered by Img Fly

The guys at Black Hat are demonstrating some interesting attacks against the device drivers for the wireless card in a MacBook Pro: The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the ...

Internet Explorer 7 will be a huge win for web security, and Microsoft has announced how they will be distributing it: AU will notify you when IE7 is ready to install. Alternately, you will be able to visit the Windows Update or Microsoft Update sites and obtain IE7 by performing an ...