8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.7%
Cisco Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.
Attackers could exploit these vulnerabilities to carry out a variety of attacks, in some cases gaining the ability to execute remote code on the targeted machine.
Four of the vulnerabilities included in today's Vulnerability Roundup that affect the Accusoft ImageGear development toolkit have a CVSS severity score of 9.8 out of a possible 10.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's website.
TALOS-2023-1751 (CVE-2023-3421) is a use-after-free vulnerability that affects the Google Chrome web browser. An attacker could exploit this vulnerability by tricking the target into visiting a specially crafted HTML web page.
The vulnerability arises when an adversary manipulates a specific function in Chrome to cause an out-of-bounds heap memory access, which could lead to a heap use-after-free or heap overflow.
Talos researchers recently discovered eight vulnerabilities in Accusoft ImageGear, a document-imaging developer toolkit that allows users to convert, edit and create images.
Three of the vulnerabilities – TALOS-2023-1802 (CVE-2023-32653), TALOS-2023-1830 (CVE-2023-39453) and TALOS-2023-1760 (CVE-2023-35002) are heap-based buffer overflow vulnerabilities that could allow an attacker to execute arbitrary code on the targeted machine. Another issue, TALOS-2023-1836 (CVE-2023-40163), also has a critical severity score of 9.8 out of 10, but in this case, a specially crafted file could lead to memory corruption.
TALOS-2023-1729 (CVE-2023-23567) can also lead to arbitrary code execution, though this vulnerability is considered less severe. An attacker could also exploit this vulnerability by supplying the target with a malformed file.
There are three other vulnerabilities Talos discovered in this software that could cause a heap-based buffer overflow condition or memory corruption if the attacker sends a specially crafted file to the target.
Hancom Office is one of the most popular software packages in South Korea, offering word processing and other services similar to Microsoft Office 365.
Talos discovered a use-after-free vulnerability in HWord, the package's word processing software. TALOS-2023-1759 (CVE-2023-32541) can be manipulated in a way that will eventually allow the attacker to execute arbitrary code if they trick the target into opening a specially crafted, malicious .doc file.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.7%