169 matches found
EUVD-2000-0200
Malware in sbrugna...
EUVD-2015-0703
Malware in sbrugna...
Researchers Expose Phishing Threats Distributing CountLoader and PureRAT
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader , which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics SVG files designed to trick recipients into opening...
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles UAVs have been an integral tool used by the Ukrainian military, malware-lace...
ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques
The North Korean advanced persistent threat APT actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help CHM files to download additional malware onto targeted machines. According to multiple reports from AhnLab Security Emergency response Center ASEC, SEKOIA.IO, and Zscaler, the...
K6795: ClamAV CHM Chunk Name Length DoS Vulnerability - CVE-2006-5295
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
USN-5423-1 clamav vulnerabilities
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. CVE-2022-20770 Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...
7-Zip 16 DLL Hijacking
Microsoft Windows Environment Variable Expansion Issue Leads To Remote DLL Hijack Attack vector: 7-ZIP v.16 7-ZIP v.16 and possibly other softwares that utilizes the HTML Help System are prone to a remote DLL hijacking issue which leads to arbitrary code execution. PoC attached. because the OS...
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Compiled HTML Help "hh.exe"...
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + ISR:...
MS05-001: Vulnerability in HTML Help could allow code execution
MS05-001: Vulnerability in HTML Help could allow code execution Microsoft has released security bulletin MS05-001. The security bulletin contains all the relevant information about the security update. This includes file manifest information and deployment options. To view the complete security...
ALPINE-CVE-2018-18586
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...
libmspack Buffer Overflow Vulnerability
Libmspack is a library that can compress and decompress files in CAB, CHM and HLP formats. A security vulnerability exists in the 'chmdreadheaders' function in the mspack/chmd.c file in versions of Libmspack prior to 0.8alpha. No details of the vulnerability are provided at this time...
USN-3728-1 libmspack vulnerabilities
Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service. CVE-2018-14679, CVE-2018-14680 Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...
Microsoft Internet Explorer HTML Help Control 4.74 Bypass
Exploit Title: Microsoft Internet Explorer CVE-2004-1043 - HTML Help Local Zone Bypass Vulnerability : Enhanced! Google Dork: N/A Date: June, 26, 2018 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: HTML Help Control...
Apache Tika Chmparser Denial Of Service (CVE-2018-1339)
A denial-of-service vulnerability exists in Apache Tika. The vulnerability is due to improper handling of a Microsoft Compiled HTML Help file during enumerating its listing chunks...
May 8, 2018—KB4103725 (Monthly Rollup)
May 8, 2018—KB4103725 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were part of update KB4093121 released April 17, 2018 and addresses the following issues: Addresses an issue that prevents customers from typing Hangul correctly with Microsoft's...
May 8, 2018—KB4103715 (Security-only update)
May 8, 2018—KB4103715 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that may cause an error when connecting to a Remote Desktop server. F...
CHM Help Files Deliver Brazilian Banking Trojan
Security researchers are warning of a new spam campaign targeting Brazilian institutions that contain Compiled HTML file attachments that are used to deliver a banking Trojan. Spam messages contain a malicious CHM attachment called “comprovante.chm”, wrote Rodel Mendrez, senior security researche...
USN-3393-1 clamav vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2017-6418 It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...