Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666

Read Time:21 Second

Posted by hyp3rlinx on Feb 27

[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666

[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft…

USN-7003-5: Linux kernel vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local...

October 1, 2024

webkitgtk-2.46.1-1.fc39

FEDORA-2024-e1357fc22f Packages in this update: webkitgtk-2.46.1-1.fc39 Update description: Fix login QR code not shown in WhatsApp web. Disable PSON by...

October 1, 2024

webkitgtk-2.46.1-1.fc41

FEDORA-2024-b142cc07d0 Packages in this update: webkitgtk-2.46.1-1.fc41 Update description: Fix login QR code not shown in WhatsApp web. Disable PSON by...

October 1, 2024

webkitgtk-2.46.1-1.fc40

FEDORA-2024-4c6304b6fa Packages in this update: webkitgtk-2.46.1-1.fc40 Update description: Fix login QR code not shown in WhatsApp web. Disable PSON by...

October 1, 2024

USN-7048-1: Vim vulnerability

Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly...

October 1, 2024

USN-7015-3: Python vulnerability

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS,...

October 1, 2024

Hacking ChatGPT by Planting False Memories into Its Data

People Know Their Data Rights, and They’re Here to Play Ball

Ten Million Brits Hit By Fraud in Just Three Years

ISACA: European Security Teams Are Understaffed and Underfunded

Crooked Cops, Stolen Laptops & the Ghost of UGNazi

NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk

Critical RCE Vulnerabilities Found in Common Unix Printing System

US State CISOs Struggling with Insufficient Cybersecurity Funding

British man used genealogy websites to fuel alleged hacking and insider trading scheme

Microsoft Windows Contact File / Remote Code Execution (Resurrected) CVE-2022-44666

USN-7003-5: Linux kernel vulnerabilities

webkitgtk-2.46.1-1.fc39

webkitgtk-2.46.1-1.fc41

webkitgtk-2.46.1-1.fc40

USN-7048-1: Vim vulnerability

USN-7015-3: Python vulnerability