GNU BinUtils 安全漏洞

GNU BinUtils is a collection of programming tools for working with binary files from the US GNU community. A security vulnerability exists in GNU BinUtils version 2.26, which stems from the improper handling of specially crafted PE files by the dunqualifiedname function in the cp-demangle.c file,...

PT-2025-48495

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions 16.0.0 on MacOS Avast Antivirus versions 3.0.3 on Linux Description A NULL pointer dereference issue exists in Avast Antivirus when scanning a malformed Windows PE file. This can cause the antivirus process to crash on...

CVE-2017-8776

Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the...

PT-2022-19291 · F Secure +1 · F-Secure +1

Name of the Vulnerable Software and Affected Versions: F-Secure and WithSecure products affected versions not specified Description: A Denial-of-Service issue was discovered in F-Secure and WithSecure products. The aerdl.so or aerdl.dll component may enter an infinite loop when unpacking PE files...

UBUNTU-CVE-2018-17360

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfdgetl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executabl...

Bring Your Own Land (BYOL) – A Novel Red Teaming Technique

Introduction One of most significant recent developments in sophisticated offensive operations is the use of “Living off the Land” LotL techniques by attackers. These techniques leverage legitimate tools present on the system, such as the PowerShell scripting language, in order to execute attacks...

Update to add SHA-2 code signing support for Windows Server 2008 SP2

Update to add SHA-2 code signing support for Windows Server 2008 SP2 Summary This update provides support for the Secure Hash Algorithm-2 SHA-2 code signing and verification functionality in the 64-bit version of Windows Server 2008 Service Pack 2 SP2 which includes the following: Support for...

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)

The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could...