5 matches found
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet ZINC involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products. This malicious file is a legitima...
Apple Safari CSS format Argument Handling Memory Corruption - High Confidence (CVE-2010-0046)
Safari is a web browsing application developed by Apple. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. Safari is the default browser included with the Mac OS X operating system. A memory corruption vulnerability exists i...
Microsoft HTML Sanitization Cross Site Scripting (MS13-035) - High Confidence (CVE-2013-1289)
A cross-site scripting vulnerability has been reported in multiple Microsoft products. The flaw is due to the way that the applications sanitize HTML. Remote attackers can exploit this vulnerability by submitting crafted HTML to the vulnerable server that uses the HTML Sanitization library, and...
Microsoft SMB Response Parsing Memory Corruption (MS10-020; CVE-2010-0476) - High Confidence
A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation...
Microsoft Internet Explorer SLayoutRun Use After Free (MS13-009) - High Confidence (CVE-2013-0025)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...