21 C
Thursday, August 17, 2017
Home Tags Buffer Overflow

Tag: Buffer Overflow

Boffins had to break gene-reading software but were able to remotely exploit a computer Scientists from the University of Washington have created synthetic DNA that produced malware of a sort.…
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
The Simple Network Management Protocolnbsp;(SNMP) subsystem of Cisconbsp;IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system ...
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files.

An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via...
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2–adjacent attacker to execute arbitrary code or cause a denial of service ...
The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote,authenticated attacker to execute arbitrary code with the privileges of the Domino server
Commvault Edge,version 11 SP6(,is vulnerable to a stack-based buffer overflow vulnerability.
D-Link DIR-850L,firmware versions 1.14B07,2.07.B05,and possibly others,contains a stack-based buffer overflow vulnerability in the web administration interface HNAP service. Other models may also be affected.
Security experts warn that it may be possible to exploit a vulnerability in a protocol widely used to connect Windows clients and servers to inject and execute malicious code on Windows computers.Computers running fully patched Windows 10, 8.1, Server 2012, or 2016  that try to access an infected server will crash with a Blue Screen triggered in mrxsmb20.sys, according to a post by Günter Born on today's Born’s Tech and Windows World blog.[ Also from InfoWorld: The 10 Windows group policy settings you need to get right. | Survive and thrive with the new OS: The ultimate Windows 10 survivor kit. | Stay up on key Microsoft technologies with the Windows newsletter. ]The vulnerability takes advantage of a buffer overflow bug in Microsoft’s SMBv3 routines.
SMBv3 is the latest version of the protocol used to connect Windows clients and servers for sharing files and printers.To read this article in full or to leave a comment, please click here
Researchers have found a half-dozen flaws in popular printer models that allow attackers to do everything from steal print jobs to conduct buffer overflow attacks.
Apple issues its first security updates of 2017, fixing 18 security vulnerabilities in IOS and 11 security issues in macOS. Apple released its first operating system updates of 2017 on Jan. 23, with the debut of macOS 10.12.3 on the desktop and IOS 10....
Apple today released new versions of iOS and macOS Sierra and addressed some overlapping code execution vulnerabilities in both its mobile and desktop operating systems. The updates were part of a bigger release of security updates from Apple that also included Safari, iCloud for Windows, and watchOS. The most critical of the bugs were a pair of kernel vulnerabilities, CVE-2017-2370 and CVE-2017-2360, which could allow a malicious application to execute code with the highest kernel privileges.

The two bugs, a buffer overflow and use-after-free vulnerability, were reported by Google Project Zero’s Ian Beer and were patched in iOS 10.2.1 and macOS Sierra 10.12.3. A critical libarchive buffer overflow vulnerability, CVE-2016-8687, was also patched in iOS and macOS Sierra. “Unpacking a maliciously crafted archive may lead to arbitrary code execution,” Apple said. Apple also patched 11 vulnerabilities in the iOS implementation of WebKit, a half-dozen of which lead to arbitrary code execution, while three others attackers could abuse with crafted web content to exfiltrate data cross-origin. Many of the same Webkit vulnerabilities were also patched in Safari, which was updated to version 10.0.3. Rounding out the iOS update, Apple patched a flaw in Auto Unlock that could unlock when Apple Watch is off the user’s wrist, along with an issue that could crash the Contacts application, and another Wi-Fi issue that could show a user’s home screen even if the device is locked. The macOS Sierra update also patched code execution vulnerabilities in other components, including its Bluetooth implementation and Graphics Drivers (code execution with kernel privileges), Help Viewer, and the Vim text editor. The Safari update also patched a vulnerability in the address bar, CVE-2017-2359, that could be exploited if visiting a malicious website, allowing an attacker to spoof the URL. tvOS was updated to version 10.1.1, and the same kernel, libarchive and webkit vulnerabilities present in iOS were patched in the Apple TV OS (4th generation). The watchOS update, 3.1.3, was a sizable one as well with patches for 33 CVEs, including 17 code execution vulnerability. The iCloud for Windows 6.1.1 update, for Windows 7 and later, also patched four Webkit vulnerabilities addressed in other product updates, all off which lead to arbitrary code execution.