A vulnerability has been discovered in certain HP PC BIOS, which could allow for local arbitrary code execution. The BIOS is a firmware which is used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. Successful exploitation of this vulnerability could allow for local arbitrary code execution with kernel level privileges. An attacker could then install programs; view; change, or delete data; or create new accounts with full user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Character Animator is a desktop application software product that combines real-time live motion-capture with a multi-track recording system to control layered 2D puppets drawn in Photoshop or Illustrator.
ColdFusion is a platform for building and deploying web and mobile applications..
InDesign is a layout and page design software for print and digital media.
Framemaker is a document processor designed for writing and editing large or complex documents.
InCopy is a professional word processor.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security
Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! The mass migration to distributed work has given IT and DevOps teams the new challenge of performing infrastructure monitoring and management remotely. IT and DevOps personnel need a secure, reliable, and scalable … Continue reading “Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security”
ZDI-22-765: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-766: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-767: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-768: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-769: Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-770: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-771: Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.