News

Stealthy “Hunter-Killer” Malware Detections Surge 333% Annually

February 13, 2024

Read Time:4 Second

Picus Security sees huge uptick in malware designed to detect and disrupt security tooling

ZDI-24-164: Microsoft Office Word PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

February 13, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21379.

Advisories

ZDI-24-165: Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability

February 13, 2024

Read Time:18 Second

This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21412.

Advisories

ZDI-24-166: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability

February 13, 2024

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-20736.

Advisories

ZDI-24-167: Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnerability

February 13, 2024

Read Time:17 Second

Advisories

ZDI-24-168: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

February 13, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20728.

Advisories

ZDI-24-169: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

February 13, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20739.

Cyber Security News

Daily Archives: February 13, 2024

Stealthy “Hunter-Killer” Malware Detections Surge 333% Annually

ZDI-24-164: Microsoft Office Word PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-165: Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability

ZDI-24-166: Adobe Acrobat Pro DC AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-24-167: Adobe Acrobat Pro DC AcroForm Use-After-Free Information Disclosure Vulnerability

ZDI-24-168: Adobe Acrobat Pro DC Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-24-169: Adobe Audition AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

News, Advisories and much more