Cerber ransomware delivered in format of a different order of Magnitude

As a follow up to our study into the Magnitude exploit kit and its gate which we profiled in a previous blog post, we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are a very effective means of serving malicious payloads and an important aspect is...

Koadic: An Advanced Windows JScript/VBScript RAT!

PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...

Zusy Malware Installs Via Mouseover – No Clicking Required

Researchers are warning of several recent spam campaigns delivering PowerPoint files that when opened contain a mouseover link that installs a variant of the Zusy malware. The malware is novel because it does not rely on macros, JavaScript or VBA macros to be enabled for the dropper file to...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-0236)

A memory corruption vulnerability exists in Microsoft Edge. The Vulnerability is due to the JScript and VBScript engines improperly handling objects in memory in. Successful exploitation of this vulnerability could allow an unauthenticated user to run arbitrary code with the same rights as the...

VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Exploit

Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening...

Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation

Oracle VM VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of...

Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening implemented by the VirtualBox driver can be circumvented ...

CVE-2017-0199: Microsoft Office RTF vulnerability using the PoC-vulnerability warning-the black bar safety net

0x01 description From FireFye detect and publish CVE-2017-0199 since, I have been researching this vulnerability in Microsoft officially released the patch, I decided to release this PoC. I use way possible with other researchers using different methods, the use of the method may be little bit...

CVE-2017-0201

A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka...

Remote code execution

A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka...

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins

Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide. We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulleti...

Microsoft Patches Three Vulnerabilities Under Attack

Microsoft today patched a zero-day Word vulnerability that has been publicly attacked along with deploying fixes for Internet Explorer, Microsoft Edge and Windows 10. In all, nine Microsoft products received updates totaling 45 unique CVEs. Three of the vulnerabilities among Tuesday’s updates,...

Microsoft Internet Explorer Multiple Vulnerabilities (4013073)

This host is missing a critical security update according to Microsoft Bulletin MS17-006. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer Remote Code Execution Vulnerability (KB4014661)

This host is missing a critical security update according to Microsoft security updates KB4014661. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

[SECURITY] Fedora 25 Update: kdelibs3-3.5.10-84.fc25

Libraries for KDE 3: KDE Libraries included: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling checker, jscript javascript, kab addressbook, kimgio image manipulation...

[SECURITY] Fedora 24 Update: kdelibs3-3.5.10-84.fc24

Libraries for KDE 3: KDE Libraries included: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, kio Input/Output, networking, kspell spelling checker, jscript javascript, kab addressbook, kimgio image manipulation...

MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015

MS15-053: Description of the security update for VBScript and JScript 5.7: May 12, 2015 Summary This security update resolves address space layout randomization ASLR security feature bypasses in the JScript and VBScript scripting engines in Microsoft Windows. An attacker could use one of these AS...

MS12-056: Vulnerability in JScript and VBScript engines could allow remote code execution: August 14, 2012

MS12-056: Vulnerability in JScript and VBScript engines could allow remote code execution: August 14, 2012 INTRODUCTION Microsoft has released security bulletin MS12-056. To view the complete security bulletin, go to one of the following Microsoft websites: Home users:...

MS11-031: Description of the security update for the JScript and VBScript v5.8 scripting engines: April 12, 2011

MS11-031: Description of the security update for the JScript and VBScript v5.8 scripting engines: April 12, 2011 INTRODUCTION Microsoft has released security bulletin MS11-031. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

MS16-003: Description of the security update for JScript 5.7 and VBScript 5.7: January 12, 2016

MS16-003: Description of the security update for JScript 5.7 and VBScript 5.7: January 12, 2016 Summary This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted...