The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021.

Read more in my article on the Hot for Security blog.

Advisories

ZDI-23-1784: Microsoft Word SKP File Parsing Use-After-Free Information Disclosure Vulnerability

December 14, 2023

Read Time:14 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3.

Advisories

ZDI-23-1785: Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

December 14, 2023

Read Time:14 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Advisories

ZDI-23-1786: Microsoft Word SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

December 14, 2023

Read Time:14 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Advisories

ZDI-23-1787: Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

December 14, 2023

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-33146.

Advisories

ZDI-23-1788: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

December 14, 2023

Read Time:17 Second

Advisories

ZDI-23-1789: Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability

December 14, 2023

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-33146.

Cyber Security News

Daily Archives: December 14, 2023

Vulnerabilities Now Top Initial Access Route For Ransomware

GambleForce Group Targets Websites With SQL Injection

Microsoft Targets Prolific Outlook Fraudster Storm-1152

UK’s Ministry of Defence fined after Bcc email blinder that put the lives of Afghan citizens at risk

ZDI-23-1784: Microsoft Word SKP File Parsing Use-After-Free Information Disclosure Vulnerability

ZDI-23-1785: Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-23-1786: Microsoft Word SKP File Parsing Memory Corruption Remote Code Execution Vulnerability

ZDI-23-1787: Microsoft Excel SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZDI-23-1788: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

ZDI-23-1789: Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability

News, Advisories and much more