by CIRT Team
Security Fixes for Google Chrome
Description: Google chrome before version 60.0.3112.78 for Windows, Mac, and Linux has multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Impact: Attackers can exploit these issues to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html
by CIRT Team
CVE-2017-8572 Microsoft Office Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. Impact: An attacker who exploited the vulnerability could use the information to compromise the user’s computer...
Read More
by CIRT Team
CVE-2017-8663 Microsoft Office Outlook Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference...
Read More
by CIRT Team
Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability
Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or...
Read More
by CIRT Team
Apple macOS CVE-2017-7044 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may...
Read More
by CIRT Team
Apple iOS/WatchOS/tvOS/macOS : CVE-2017-7069 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: An attacker can exploit these issues...
Read More
by CIRT Team
Linux kernel CVE-2017-11176 : mq_notify function Denial of Service Vulnerability
Description: The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. Impact: An attacker can exploit this issue to cause denial-of-service condition. Mitigation: Updates are available. Please check...
Read More
by CIRT Team
Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. Impact: A local attacker can exploit this issue to cause a denial-of-service condition. Linux Kernel 4.10.7 and prior versions are vulnerable. Mitigation: Updates are available. Please...
Read More
by CIRT Team
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
Description: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Impact: Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions....
Read More
by CIRT Team
Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
Description: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby...
Read More
