GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

A week in security (April 15 – 21)

Last week, Malwarebytes Labs revealed multiple giveaway online scam campaigns banking on the popularity and generosity of Ellen DeGeneres, weighed in on the hack that compromised legacy Microsoft email service accounts like Hotmail and MSN, explained what “like-farming” means and how to spot it o...

IE browser exploit technical evolution of the(a)-vulnerability warning-the black bar safety net

! IE browser exploits technology evolution Note: the article relates to the software, or dll, that is the final exp: https://yunpan.cn/OckK8EjZnR9cGj （extraction code: 2a79 Today, the browser is the user access to the Internet portal. The browser was born from the beginning of the Main to provide...

Internet Bug Bounty: Flash “local-with-filesystem” Bypass in navigateToURL

This issue has been patched by Adobe: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html CVE-2016-4178 Flash “local-with-filesystem” policy can be bypassed using the “navigateToURL” function. It is not possible to target the local files using a Flash file in a website using...

Microsoft Internet Explorer CVE-2015-6086 Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, and 11 are vulnerable. Technologies Affected Microsoft Internet Explorer ...

ownCloud: apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only)

Due to a bug in the URL generation component mainly used by forms on the ownCloud appstore available at apps.owncloud.com is vulnerable to multiple reflected XSS. This problem seems only to be exploitable in Internet Explorer since other browsers are URL encoding GET parameters. This was...

Malvertising Campaign Hits AOL Ad Network, Leads to Exploit Kit

Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit...

Win95+IE3 – Win10+IE11 full version execution vulnerability-vulnerability warning-the black bar safety net

Microsoft this month's security update fixes a potential of the 1 8 years of IE remote code execution vulnerability, CVE-2 0 1 4-6 3 3 2, You can say Yes to the windows to eat a big Supplement pills. Defects appear in the VBScript code, from Windows 9 5 first published in 1 9 years ago since it h...

The IE vulnerability is a doubling of Flash Player easy to be attack-vulnerability warning-the black bar safety net

Recently, foreign security vendor Bromium released a 2 0 1 4 annual security report, in 2 0 1 3 to 2 0 1 4 during the year, IE browser vulnerabilities to the large number doubled. At the same time, the report also analyzed the cybercriminals most commonly used vulnerabilities to attack the...

Technical details of the targeted attack using IE vulnerability CVE-2013-3918

Over the weekend we became aware of an active attack relying on an unknown remote code execution vulnerability of a legacy ActiveX component used by Internet Explorer. We are releasing this blog to confirm one more time that the code execution vulnerability will be fixed in today’s UpdateTuesday...

CVE-2013-3893: Fix it workaround available

Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is link...

Attackers Targeting MS13-055 IE Vulnerability

Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that’s being used is capable of bypassing both ASLR and DEP...

Microsoft to Ship 7 Bulletins in March Patch Tuesday Release

Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings. Three of the four critically rated bulletins that affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server...

Energy Manufacturer Also Victimized by IE Zero Day in Watering Hole Attack

This week’s watering hole attack exploiting a zero-day vulnerability in Internet Explorer was not limited to the influential Council on Foreign Relations site. A Metasploit contributor said an energy manufacturer’s website has been serving malware related to the attack since September. Researcher...

The latest IE remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Vulnerability information Internet Explorer open to attack page, CMshtmlEd object is deleted and released, and the released memory is reused, resulting in Use-After-Free. Affected system: Microsoft Internet Explorer 9. x Microsoft Internet Explorer 8. x Microsoft Internet Explorer 7. x Release...

Regarding the recent that net horse 0day（CVE-2 0 1 0-0 8 0 6 use Metasploit to generate method-vulnerability warning-the black bar safety net

One, download the Second, placed to C:\Metasploit\Framework3\msf3\modules\exploits\test. I change the name ie. rb Third, start msfconsole Fourth, the msf use exploit/test/ie msf exploitie show optinos Echo: the Module options: Name Current Setting Required Description ---- --------------- -------...

Ninety percent of the IE vulnerability-a vulnerability warning-the black bar safety net

JavaScript IE 6 vulnerability Its use of code as follows: script type="text/jscript" function init document. write"The time is:" + Date ; window. onload = init; /script Using this code you can hide the page in front of html code, run after it can only see the javascript statement inside the...

Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net

On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...

IEVML overflow analysis process and COOKIE protection bypass(teaching)-vulnerability warning-the black bar safety net

Small E PS: could someone look over,a few months before,but is really the classic teaching articles! A. Write in front of words This article is in invincible and virus two people of intense curiosity request,today I skipped school for half a day to write. In fact, I think now that everything has...

2 0 0 7 the latest IE 0day net horse picture that-the vulnerability warning-the black bar safety net

Ghost boy Note: This something has recently fried very hot, the css calls the two pictures, but it is unclear principle. Reportedly originally sold to 8W, but now it seems like everywhere got. Just in xiaoguang there to see, turn around, and his this added a simple encryption. Source: XG'Blog How...