Lucene search
K

262 matches found

CVE
CVE
added 2019/03/14 7:0 a.m.75 views

CVE-2019-9768

CVE-2019-9768 affects Thinkst Canarytokens embedded in Word documents. The root cause is limited variation in file size, metadata, and timestamps, enabling an attacker to estimate whether a document contains a token. Public PoC/code (Exploit/Detection-Bypass) demonstrates a bypass approach: unzip...

7.5CVSS7.4AI score0.11682EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/03/14 7:0 a.m.14 views

CVE-2019-9768

Thinkst Canarytokens through commit hash 4e89ee0 2019-03-01 relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token...

7.5AI score0.11682EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/03/04 12:0 a.m.40 views

LibreOffice < 5.4.6 and < 6.0.2 Heap Buffer Overflow

The LibreOffice installed on the remote host is either 5.x prior to 5.4.6 or 6.x prior to 6.0.2. A heap-based buffer overflow condition exists in The SwCTBWrapper::Read function due to improperly checking the bounds of the index into the dynamically allocated buffer. An unauthenticated, remote...

7.8CVSS7.6AI score0.02134EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2019/02/18 12:25 p.m.1 views

Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware

It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue. Popular software cracks/keygens uploader "CracksNow," who had trusted status from many...

6.5AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/01/24 7:58 p.m.226 views

Carbon Black TAU & ThreatSight Analysis: GandCrab and Ursnif Campaign

Summary Analysis conducted by Andrew Costis, Cathy Cramer, Emily Miner and Jared Myers. The Carbon Black ThreatSight team observed an interesting campaign over the last month. ThreatSight worked with the Threat Analysis Unit TAU to research the campaign. This report is being released to help...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/12/11 4:0 p.m.70 views

Flurry of new Mac malware drops in December

Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft's John Lambert and analyzed by Objective-See's Patrick Wardle, and the second wa...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2018/10/30 10:16 a.m.4 views

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuse...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/10/26 7:56 p.m.664 views

PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware

A stealthy malware delivery tactic has been uncovered in the way videos are embedded into Microsoft Word Documents, according to researchers. It allows JavaScript code-execution when a user clicks on a weaponized YouTube video thumbnail within a Word document – with no alert message displayed by...

7.3AI score
Exploits0References2
Talos Blog
Talos Blog
added 2018/10/26 12:25 p.m.125 views

Threat Roundup for October 19 to October 26

Today, Talos is is publishing a glimpse into the most prevalent threats we've observed between Oct. 19 and Oct. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

7.3AI score
Exploits0
Talos Blog
Talos Blog
added 2018/10/12 11:18 a.m.26 views

Threat Roundup for October 5 to October 12

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 5 and 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

0.3AI score
Exploits0
NVD
NVD
added 2018/10/01 8:29 p.m.29 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

8.8CVSS8AI score0.0128EPSS
Exploits1References1
OSV
OSV
added 2018/10/01 8:29 p.m.4 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

7.8CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2018/10/01 8:29 p.m.30 views

CVE-2018-3978

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

8.8CVSS8.8AI score0.01007EPSS
Exploits1References1
Prion
Prion
added 2018/10/01 8:29 p.m.18 views

Design/Logic Flaw

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

6.8CVSS7.7AI score0.0128EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2018/10/01 8:29 p.m.17 views

Heap overflow

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

6.8CVSS7.7AI score0.01007EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/01 8:0 p.m.35 views

CVE-2018-3984

An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use...

8.8CVSS7.9AI score0.01389EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/01 8:0 p.m.30 views

CVE-2018-3978

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

8.8CVSS8.8AI score0.01007EPSS
Exploits1References1
CVE
CVE
added 2018/10/01 8:0 p.m.62 views

CVE-2018-3978

CVE-2018-3978 is a vulnerability in Atlantis Word Processor’s Word Document parser (CLX/Clx handling in the Fib-based WordDocument table). A specially crafted Word binary (DOC) document can trigger a heap-based buffer overflow by mis-processing the Clx/Pcdt piece-descriptor table: the Clx.lcb con...

8.8CVSS7.7AI score0.01007EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/01 8:0 p.m.59 views

CVE-2018-3982

CVE-2018-3982 is an exploitable arbitrary write vulnerability in the Atlantis Word Processor (Word Document parser). Cisco Talos reports that Atlantis Word Processor 3.0.2.3 and 3.0.2.5 can be induced to skip adding elements to a loop-indexed array, causing an out-of-bounds read of a pointer and,...

8.8CVSS7.6AI score0.0128EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/01 8:0 p.m.71 views

CVE-2018-3984

CVE-2018-3984 affects Atlantis Word Processor 3.0.2.3 and 3.0.2.5. The Word Document parser has an uninitialized length (SprmTDefTable) for the number of table columns, which is later used as a loop bound. A crafted Word doc can trigger a heap-based buffer overflow, leading to code execution unde...

8.8CVSS7.9AI score0.01389EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder