SEI Insights

CERT/CC Blog

Vulnerability Insights

Hi everybody. Allen Householder from the CERT Vulnerability Analysis team here, back with another installment of "What's new in CERT's fuzzing frameworks?" Today we're announcing the release of updates of both our fuzzing tools, the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.0.1. The remainder of this post describes the changes in more detail.

Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers.

This vulnerability is bad news, at least for those of us trying to avoid phishing and drive-by browsing attacks. The vulnerability is caused by a logic bug that allows an applet to grant itself full privileges. More technical details are available in Vulnerability Note VU#636312.

Hi folks, Allen Householder from the CERT Vulnerability Analysis team here. Back in April, we released version 1.0 of the CERT Failure Observation Engine (FOE), our fuzzing framework for Windows. Today we're announcing the release of FOE version 2.0. (Here's the download.) Although it has only been a few months since we announced FOE 1.0, our development cycle is such that FOE 2.0 actually reflects nearly a year of additional improvements over the 1.0 release.