Adobe Acrobat & Reader. Now we fear PDFs.
Adobe's PDF document format, long ago released as an open standard, has become one of those formats that you can assume everyone can read. Lots of software reads PDF files, but most people still use the Adobe Reader program to do it. In the mid-to-late '00s, numerous vulnerabilities led to numerous exploits using numerous malicious PDFs to turn numerous Windows users into bots.
As with the Flash vulnerabilities of years gone by, none of the Acrobat/Reader vulnerabilities really stood out over the others. What stands out is the steady parade of them and the consequent need for frequent updates.
As with Flash vulnerabilities, Adobe has steadily hardened Reader and Acrobat so that vulnerabilities are fewer and less severe.
Image: Security @ Adobe blog
The other OpenSSL problem
Ten to fifteen years ago, before there was awareness enough to create Heartbleed-level hysteria, some really horrible vulnerabilities in really important software would go relatively unnoticed.
CVE-2002-0656 is one of a few remote code execution vulnerabilities from that era in Apache web servers and OpenSSL — yes, the same OpenSSL implicated in Heartbleed. It was found by well-known researcher Alexander Sotirov, who demonstrated how to use it to gain a shell, meaning code execution capability, on Apache/OpenSSL web servers and a root shell on some servers.
billy gates why do you make this possible ?
Blaster, also known as MSblast, LovSAN and a few other names, was the first of a series of persistent worms using remotely exploitable Windows vulnerabilities to spread. Microsoft first released the update for the vulnerability it used in July of 2003, and everyone knew the race was on to create a worm with the flaw: a buffer overflow in the procedures of DCOM RPC, a protocol for remote program calls over the network.
Blaster appeared first in August. The Chinese authors of the A variant built it by reverse-engineering the Windows patch. The executable contained many inexplicable and taunting statements, such as the one pictured here. Blaster was buggy and frequently caused system shutdowns.
Unusually for these things, the author of the B variant was caught. He was an 18-year-old from Minnesota and he received an 18-month prison sentence.