Lucene search
K

11 matches found

Securelist
Securelist
added 2020/05/28 10:0 a.m.1790 views

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...

7.2CVSS8.8AI score0.80968EPSS
Exploits43
0day.today
0day.today
added 2020/03/09 12:0 a.m.466 views

Microsoft Windows - (WizardOpium) Local Privilege Escalation Exploit

include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...

7.8CVSS0.5AI score0.74438EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/03/06 12:0 a.m.206 views

Microsoft Windows WizardOpium Local Privilege Escalation

include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...

7.2CVSS0.5AI score0.74438EPSS
Exploits10
The Hacker News
The Hacker News
added 2019/12/11 6:19 a.m.4 views

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft’s December securi...

9.3CVSS8AI score0.74438EPSS
Exploits10
The Hacker News
The Hacker News
added 2019/12/11 6:19 a.m.98 views

Latest Microsoft Update Patches New Windows 0-Day Under Active Attack

With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December securi...

9.3CVSS2.2AI score0.74438EPSS
Exploits10
ThreatPost
ThreatPost
added 2019/12/10 9:21 p.m.138 views

Microsoft Zaps Actively Exploited Zero-Day Bug

Microsoft has issued fixes for 36 CVEs for December 2019 Patch Tuesday across a range of products, with seven of them rated critical in severity – and one that’s already being exploited in the wild as a zero-day bug. The computing giant’s scheduled security update this month is relatively light,...

9.3CVSS8.8AI score0.74438EPSS
Exploits12References12
Securelist
Securelist
added 2019/12/10 8:0 p.m.102 views

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit...

7.2CVSS1.1AI score0.74438EPSS
Exploits14
ATTACKERKB
ATTACKERKB
added 2019/12/10 12:0 a.m.116 views

CVE-2019-1458

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Recent assessments: gwillcox-r7 at October 19, 2020 5:31pm UTC reported: Known as WizardOpium for its use in the...

8.8CVSS1.9AI score0.74438EPSS
In wildExploits14References4
Securelist
Securelist
added 2019/11/01 4:0 p.m.204 views

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google's Chrome browser. We promptly reported this to the Google Chrome security team...

6.8CVSS8.5AI score0.72977EPSS
Exploits4
ThreatPost
ThreatPost
added 2019/11/01 3:35 p.m.135 views

Google Discloses Chrome Flaw Exploited in the Wild

UPDATE Google is warning users of a high-severity vulnerability in its Chrome browser that is currently being exploited by attackers to hijack computers. The flaw CVE-2019-13720, discovered by security researchers Anton Ivanov and Alexey Kulaev at Kaspersky, exists in Google Chrome’s audio...

6.8CVSS8.9AI score0.72977EPSS
Exploits4References18
ATTACKERKB
ATTACKERKB
added 2019/10/10 12:0 a.m.174 views

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary co...

8.8CVSS1.5AI score0.74438EPSS
In wildExploits14References6
Rows per page
Query Builder