Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

Introduction TLS Thread Local Storage callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and...

The vulnerability of the DNSAPI.dll library in the Windows operating system’s DNS service allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the DNSAPI.dll library in the Windows operating system’s DNS service is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted DNS responses, or to cause a service failure...

Microsoft Internet Explorer Scripting Engine Information Disclosure Vulnerability (CNVD-2017-34446)

Internet Explorer IE is a web browser that comes with the Windows operating system. scripting engines is one of the JavaScript engine components. An information disclosure vulnerability exists in the scripting engine in versions 9, 10, and 11 of IE for Microsoft Windows, which arises from the...

Microsoft Windows Internet Explorer Remote Code Execution Vulnerability (CNVD-2017-37103)

Microsoft Windows 7 SP1 and others are a series of operating systems from Microsoft Corporation, U.S.A. Internet Explorer IE is one of the web browsers that comes with the Windows operating system. A remote code execution vulnerability exists in versions 9, 10, and 11 of IE in Microsoft Windows...

CVE-2017-11827

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gai...

CVE-2017-11869

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...

CVE-2017-11866

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption...

CVE-2017-11841

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption...

The vulnerability of the Microsoft Server Message Block (SMB) network protocol in the Windows operating system allows a hacker to cause a service failure.

The vulnerability of the Microsoft Server Message Block SMB network protocol in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests to the...

Ipswitch IMail Server Buffer Overflow Vulnerability

Ipswitch IMail Server is a mail server from Ipswitch, Inc. that runs on the Microsoft Windows operating system. A stack buffer overflow vulnerability exists in Ipswitch IMail server version 12.5.5 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary code...

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Edge browser on Microsoft Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using specially crafted content that cause...

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Edge browser on Microsoft Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Edge browser on Microsoft Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using specially crafted content that cause...

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Edge browser on Microsoft Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted web page, Active...

CVE-2017-11822

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how...

CVE-2017-11809

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

CVE-2017-11763

The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles speciall...

CVE-2017-11812

ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2017-30137)

Microsoft Windows 7 SP1 and others are a series of operating systems from Microsoft Corporation USA.Internet Explorer IE is a web browser that comes with the Windows operating system. A memory corruption vulnerability exists in versions 9 and 11 of IE in Microsoft Windows, which arises from the...

CVE-2017-14947

Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."...