Gladiator Research and Security

GSA Reference Number: AD091124-01

Simply Put: Microsoft Internet Explorer (IE) 6 and 7 are vulnerable to a remote code execution vulnerability.  This vulnerability was released to the public earlier this week.  Currently, this exploit is not deemed reliable, meaning that it is difficult to exploit consistently.  However, there will most likely be a reliable version released in the near future.  This exploit also could be triggered by an HTML email message if using Microsoft Outlook, Outlook Express, or Microsoft Mail, as these products use IE to display these messages.

GSA Reference Number: AD090722-01

Simply Put: Adobe Acrobat, Reader, and Flash have a remote code execution vulnerability currently being exploited on the Internet.  Adobe does not have a patch available at this time.  This vulnerability can be exploited by a malicious website to load arbitrary code or take control of a victim’s PC.

GSA Reference Number: AD090513-01

Simply Put: Adobe has released a patch for the critical vulnerability affecting its Acrobat products.  This vulnerability was previously discussed in Gladiator Advisory AD090430-01 on April 30th, stating that all versions of Adobe Reader and Adobe Acrobat, on all operating systems, are affected by a Critical JavaScript Vulnerability.

GSA Reference Number: AD090220-01

Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain an unpatched critical vulnerability that allows arbitrary code execution.  Adobe has released an advisory on this issue, but a patch will not be released until March 11th.  A workaround has been published that will prevent code execution, but the application will still crash.

GSA Reference Number: AD090218-01

Simply Put: An Internet Explorer 7 vulnerability patched in the latest installment of Microsoft updates is now being exploited by malware authors.  The patch, designated MS09-002, fixed a memory corruption vulnerability, which can cause remote code execution.