Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user’s system in the security context of the logged-on user. The attacker could do this by one or more of the following actions:

The Winamp vulnerability in version 5.12 was announced at Secunia just a few days ago, details here. Note the Secunia advisory says “an exploit is publicly available”. Nullsoft released Wimamp 5.13 the same day the exploit was announced, but the spyware pushers saw an opportunity to infect more machines and make more money. SunbeltBLOG posted

The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes). Successful exploitation allows execution of arbitrary code on a user’s

There is a vulnerability in KDE kjs JavaScript interpreter engine which can be exploited to cause a DoS or arbitrary code to be executed on a vulnerable system. The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI

F-Secure have released security advisory FSC-2006-1. Brief description Specially crafted ZIP archives may be used to execute code on affected systems. Both RAR- and ZIP-archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive. Software F-Secure’s Anti-Virus products for Microsoft Windows and Linux Affected versions F-Secure Anti-Virus for