Micrsoft security researchers have found some critical vulnerabilities in facebook and Picasa which lead to arbitrary code execution and account compromise.
Vulnerabilities on picasa were posted on 19 july.
Research advisory posted explained that,”A vulnerability exists in the way that Picasa handles certain specially crafted JPEG images. An attacker could exploit this vulnerability to cause Picasa to exit unexpectedly and execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Readmore here https://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
In another advisory, security researchers have posted vulnerabilities of facebook. It explained,”A vulnerability exists in the way that Facebook.com had previously implemented protection against clickjacking attacks. An attacker could exploit this vulnerability to circumvent Facebook privacy settings and expose potentially sensitive user information. An attacker who successfully exploited this vulnerability could take complete control of a user’s Facebook.com account and could perform any action on behalf of the user, such as read potentially sensitive data, change data, and delete contacts.”
“The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, an attacker must convince a user to click on specially crafted Facebook content.”, it added
Read More: https://www.microsoft.com/technet/security/advisory/msvr11-007.mspx
Vulnerabilities on picasa were posted on 19 july.
Research advisory posted explained that,”A vulnerability exists in the way that Picasa handles certain specially crafted JPEG images. An attacker could exploit this vulnerability to cause Picasa to exit unexpectedly and execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Readmore here https://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
In another advisory, security researchers have posted vulnerabilities of facebook. It explained,”A vulnerability exists in the way that Facebook.com had previously implemented protection against clickjacking attacks. An attacker could exploit this vulnerability to circumvent Facebook privacy settings and expose potentially sensitive user information. An attacker who successfully exploited this vulnerability could take complete control of a user’s Facebook.com account and could perform any action on behalf of the user, such as read potentially sensitive data, change data, and delete contacts.”
“The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, an attacker must convince a user to click on specially crafted Facebook content.”, it added
Read More: https://www.microsoft.com/technet/security/advisory/msvr11-007.mspx