Lucene search
K

297 matches found

Talos Blog
Talos Blog
added 2019/10/15 12:34 p.m.68 views

Vulnerability Spotlight: Another fix for Adobe Acrobat Reader DC text field value remote code execution

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Cisco Talos once again would like to bring attention to a remote code execution vulnerability in Adobe Acrobat Reader. Acrobat, which is one of the most popular PDF readers on the market, contains a bug when the software incorrectly...

9.3CVSS10AI score0.13071EPSS
Exploits0
Talos
Talos
added 2019/10/15 12:0 a.m.56 views

Adobe Acrobat Reader DC text field value remote code execution vulnerability redux

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC, version 2019.012.20035. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim...

9.3CVSS9.5AI score0.13071EPSS
Exploits0
Prion
Prion
added 2019/10/09 9:15 p.m.16 views

Design/Logic Flaw

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file...

6.8CVSS7.9AI score0.02282EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/10/09 9:15 p.m.23 views

Design/Logic Flaw

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file...

6.8CVSS7.9AI score0.02562EPSS
Exploits1References1Affected Software1
Talos
Talos
added 2019/10/09 12:0 a.m.105 views

NitroPDF jpeg2000 ssizDepth Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Talos
Talos
added 2019/10/09 12:0 a.m.102 views

NitroPDF jpeg2000 yTsiz Remote Code Execution Vulnerability

Summary A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open...

8.8CVSS8.6AI score0.02282EPSS
Exploits1
Veracode
Veracode
added 2019/07/08 12:28 p.m.18 views

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...

7.5CVSS7.8AI score0.11107EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2019/06/06 2:26 p.m.18 views

CVE-2019-5242

There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write...

7.8AI score0.01009EPSS
Exploits0References1
Veracode
Veracode
added 2019/05/16 2:22 a.m.33 views

Out-of-bounds Write

Linux kernel is vulnerable to out-of-bounds writes. This is due to the implementation of 32-bit syscall interface for bridging. A privileged user can write arbitrarily write to a limited range of kernel memory...

6.7CVSS7AI score0.00451EPSS
Exploits0References45Affected Software2
Talos Blog
Talos Blog
added 2019/05/14 11:23 a.m.80 views

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Executive summary There are two remote code execution vulnerabilities in Adobe Acrobat Reader that could occur if a user were to open a malicious PDF on their machine using the software. Acrobat is the most widely used PDF reader...

9.3CVSS0.6AI score0.10223EPSS
Exploits1
Talos
Talos
added 2019/05/14 12:0 a.m.115 views

Adobe Acrobat Reader DC app.thermometer Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.10.20098. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need ...

9.3CVSS8.8AI score0.0877EPSS
Exploits0
Cvelist
Cvelist
added 2019/04/26 4:9 p.m.18 views

CVE-2019-9813

Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...

8.4AI score0.07387EPSS
Exploits4References6
AlpineLinux
AlpineLinux
added 2019/04/22 3:6 p.m.67 views

CVE-2019-11455

A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...

8.1CVSS7.7AI score0.03138EPSS
Exploits1
Talos
Talos
added 2019/04/09 12:0 a.m.63 views

Adobe Acrobat Reader DC text field value remote code execution vulnerability — redux

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

9.3CVSS9.4AI score0.13541EPSS
Exploits0
Veracode
Veracode
added 2019/03/13 3:10 a.m.30 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the authenticated user...

6.5CVSS7.6AI score0.06553EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2019/02/22 11:29 p.m.22 views

Design/Logic Flaw

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

5CVSS8.2AI score0.04188EPSS
Exploits1References12Affected Software3
Talos
Talos
added 2018/12/11 12:0 a.m.63 views

Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

9.8CVSS7.1AI score0.09744EPSS
Exploits0
Exploit DB
Exploit DB
added 2018/10/22 12:0 a.m.42 views

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking

/ This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel graphics drivers have their own hash table type...

9.3CVSS6.4AI score0.04157EPSS
Exploits4
Talos
Talos
added 2018/10/01 12:0 a.m.498 views

Foxit PDF Reader Javascript Optional Content Group Remote Code Execution Vulnerability

Summary An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to...

8.8CVSS8.4AI score0.03155EPSS
Exploits1
Packet Storm
Packet Storm
added 2018/08/05 12:0 a.m.45 views

Fortinet FortiClient 5.2.3 Local Privilege Escalation

include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG leakQWORDULONGLONG addr, HANDLE driver memsetLPVOID0x000000001a000000, 0x11, 0x1000;...

7.2CVSS0.7AI score0.02029EPSS
Exploits5
Rows per page
Query Builder