by CIRT Team
Microsoft Windows LNK CVE-2017-8464 Remote Code Execution Vulnerability
Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or...
Read More
by CIRT Team
Apple macOS CVE-2017-7044 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: Attackers can exploit these issues to execute arbitrary code or bypass security restrictions and perform unauthorized actions. This may...
Read More
by CIRT Team
Apple iOS/WatchOS/tvOS/macOS : CVE-2017-7069 Security Vulnerabilities
Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Impact: An attacker can exploit these issues...
Read More
by CIRT Team
Linux kernel CVE-2017-11176 : mq_notify function Denial of Service Vulnerability
Description: The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. Impact: An attacker can exploit this issue to cause denial-of-service condition. Mitigation: Updates are available. Please check...
Read More
by CIRT Team
Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
Description: The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. Impact: A local attacker can exploit this issue to cause a denial-of-service condition. Linux Kernel 4.10.7 and prior versions are vulnerable. Mitigation: Updates are available. Please...
Read More
by CIRT Team
Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
Description: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Impact: Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions....
Read More
by CIRT Team
Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
Description: While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby...
Read More
by CIRT Team
Linux kernel CVE-2017-7487 : ‘net/ipx/af_ipx.c’ Use After Free Local Denial of Service Vulnerability
Description: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. Impact: An attacker can exploit this issue to cause a local denial-of-service condition. Mitigation: Updates are available. Please check specific vendor advisory for...
Read More
by CIRT Team
CowerSnail, from the creators of SambaCry [securelist]
Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – that suggested a relationship between them. Kaspersky Lab products detect the new malicious program as Backdoor.Win32.CowerSnail.
by CIRT Team
HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign [fireeye]
A wide variety of threat actors began distributing HawkEye malware through high-volume email campaigns after it became available for purchase via a public-facing website. The actors behind the phishing campaigns typically used email themes based on current events and media reports that would pique user interests, with the “Subject” line typically containing something about recent news. Although HawkEye malware has several different capabilities, it is...
Read More
