ZDI-22-865: SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

June 16, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-853: Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability

June 16, 2022

Read Time:12 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-854: (Pwn2Own) OPC Foundation UA .NET Standard Resource Exhaustion Denial-of-Service Vulnerability

June 16, 2022

Read Time:9 Second

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-855: (Pwn2Own) Unified Automation OPC UA C++ Demo Server TranslateBrowsePathsToNodeId Resource Exhaustion Denial-of-Service Vulnerability

June 16, 2022

Read Time:9 Second

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server. Authentication is not required to exploit this vulnerability.