59 matches found
EUVD-2012-2277
Malware in sbrugna...
EUVD-2012-2283
Malware in sbrugna...
EUVD-2022-37433
Malicious code in bioql PyPI...
BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover
How Wiz Research found a common misconfiguration in Azure Active Directory that compromised multiple Microsoft applications, including a Bing management portal...
CVE-2022-34478
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release...
Code injection
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release...
CVE-2022-34478
Summary: CVE-2022-34478 affects Thunderbird on Windows, where the ms-msdt, search, and search-ms protocols could deliver content to Microsoft apps via prompts opened by user interaction. The underlying risk is exploitation of the prompt-based handling in these protocols, which bypasses the browser. T...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:2279-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2279-1 advisory. - If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object...
Mozilla Thunderbird < 91.11
The version of Thunderbird installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-26 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showe...
CVE-2022-34478
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the ms-msdt, search, and search-ms protocols delivering content to Microsoft applications and bypassing the browser when a user accepts a prompt. These applications have had known vulnerabilities, exploit...
Mozilla Firefox ESR < 91.11
The version of Firefox ESR installed on the remote Windows host is prior to 91.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-25 advisory. - The Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates in the ms-msdt, search, and search-ms protocols in Windows Firefox's applications that pass content to Microsoft applications could le...
Get security beyond Microsoft products with Microsoft 365
Over time, organizations and individuals acquire stuff. Things we love and things we need. Things we don’t need but can’t seem to get rid of. I was confronted with this challenge when we bought a 1908 craftsman home. How could I make my beloved modern furniture and mandatory kid-friendly gear wor...
Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior
An attack leveraging cmd.exe and PowerShell was recently investigated by Cb ThreatSight analysts. Our initial investigation discovered that a batch file was executed on the targeted system. This batch file then invoked PowerShell with a base64 encoded command. Decoding the command revealed a seri...
Microsoft WININET.dll - 'CHttpHeaderParser::ParseStatusLine' Out-of-Bounds Read (MS16-104/MS16-105)
Source: http://blog.skylined.nl/20161110001.html Synopsis: A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is abl...
EMC NetWorker Module for Microsoft Applications 2.2.1 / 2.3.x < 2.3 build 122 / 2.4.x < 2.4 build 375 Multiple Vulnerabilities
The version of EMC NetWorker (formerly Legato NetWorker) Module for Microsoft Applications installed on the remote host is 2.2.1, 2.3 prior to 2.3 build 122, or 2.4 prior to 2.4 build 375. As such, it reportedly is affected by multiple vulnerabilities, including arbitrary code execution and an...
CVE-2012-2284
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors...