Home Tags Hypertext Markup Language (HTML)

Tag: Hypertext Markup Language (HTML)

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK,versions 2.30 through 2.34,default to insecure configurations which allow arbitrary code execution.

Meet PINLogger, the drive-by exploit that steals smartphone PINs

Sensors in phones running both iOS and Android reveal all kinds of sensitive info.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote,authenticated attacker to execute arbitrary code with the privileges of the Domino server

Old Malware Tricks To Bypass Detection in the Age of Big...

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently.

This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the… Read Full Article

VU#334207: DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to...

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point,and allows full file permissions to the anonymous user.

VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

Word zero-day affects all versions of Office and Windows

Somebody at McAfee jumped the gun. Last Friday night McAfee disclosed the inner workings of a particularly pernicious rigged Word document attack — a zero-day involving a linked HTA file. On Saturday FireEye — citing a “recent public disclosure by another company” — gave more details, and revealed that it had been working on the problem with Microsoft for several weeks.It looks like McAfee’s public disclosure forced FireEye’s hand prior to Microsoft’s anticipated fix tomorrow.[ Office 365 vs.

Google G Suite: Productivity smackdown • Collaboration smackdown • Management smackdown. | Our guide to Exchange-based tools in Windows, MacOS, iOS, and Android: Desktop Outlook vs. mobile Outlook vs. native apps. ]
The exploit appears in a Word doc attached to an email message. When you open the doc (an RTF file with a .doc name extension), it has an embedded link that retrieves an HTA file. (An HTML application is usually wrapped around a VBScript or JScript program.)To read this article in full or to leave a comment, please click here

Booby-trapped Word documents in the wild exploit critical Microsoft 0day

There’s currently no patch for the bug, which affects most or all versions of Word.

VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure...

Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references.

VU#507496: GIGABYTE BRIX UEFI firmware fails to implement write protection and...

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 and GB-BXi7-5775 platforms,versions vF6 and vF2 respectively,fails to properly set the BIOSWE,BLE,SMM_BWP,and PRx bits to enforce write protection. It also is not cryptographically signed. These issues may permit an attacker to write arbitrary code to the platform firmware,potentially allowing for persistent firmware level rootkits or the creation of a permanent denial of service condition in the platform.

VU#342303: Pandora iOS app does not properly validate SSL certificates

The Pandora iOS app fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.

Malware finds unwitting ally in GitHub

Just because it's on GitHub doesn't mean it's legitimate.

A financially motivated espionage group is abusing a GitHub repository for C&C (command and control) communications, Trend Micro warned. Researchers found malware used by Winnti, a group...