Posted by: kurtsh | February 8, 2010

NEWS: The 10 Most Vulnerable Software Apps of 2009

Ziff Davis released their list of the 10 Most Vulnerable Software Apps of 2009. Question the authority of the list? Here are the first 2 items that they start out with. Read the rest and you be the judge:

  • Adobe Acrobat, Adobe Reader
    Vulnerabilities that allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
  • Adobe Flash Player
    Does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a “buffer overflow issue.” Allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a “privilege escalation vulnerability.” Allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a “null pointer vulnerability.”

LINK:  10 Most Vulnerable Software Apps of 2009
http://bit.ly/cnHRgy

