4 matches found
PT-2024-2982
Name of the Vulnerable Software and Affected Versions: Windows CSC Service (affected versions not specified). Description: The issue is related to an elevation-of-privilege vulnerability in the Windows CSC Service, which can be exploited due to improper address validation in IOCTL with METHOD_NEITHER...
Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches
Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch...
PuzzleMaker attacks with Chrome zero-day exploit chain
On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for...
LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service
source: https://www.securityfocus.com/bid/41475/info LibTIFF is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to crash an application...