This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-1586: SAP 3D Visual Enterprise Author SAT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1585: SAP 3D Visual Enterprise Author X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1584: SAP 3D Visual Enterprise Author X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1583: SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1582: SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1581: SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1580: SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-36608
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS. Affected by this issue is some unknown functionality of the file admin_organizer.js of the component Error Log Module. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is dfd0afacb26c3682a847bea7b49ea440b63f3baa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212816.
Azov “Ransomware” Wiper
FortiGuard Labs is aware of a new ransomware variant called “Azov”. Reason why this ransomware variant is in quotations is because although it has the hallmarks of ransomware, it is considered a data wiper. This is because there is no way to recover the encrypted data and/or get in touch with the threat actors.After encryption, the note left behind to the victim, “RESTORE_FILES.txt,” references well known OSINT researchers on Twitter. The note falsely reports that victims should get in touch with said researchers to request keys for decryption:#####!Azov ransomware!Hello, my name is hasherezade.I am the polish security expert.To recover your files contact us in twitter:@hasherezade@VK_Intel@demonslay335@malwrhunterteam@LawrenceAbrams@bleepincomputer[Why did you do this to my files?]I had to do this to bring your attention to the problem.Do not be so ignorant as we were ignoring Crimea seizure for years.The reason the west doesn’t help enough Ukraine.Their only help is weapons, but no movements towards the peace!Stop the war, go to the streets!Since when that Z-army will be near to my Polska country.The only outcome is nuclear war.Change the future now!Help Ukraine, come to the streets!We want our children to live in the peaceful world.————————————————–Biden doesn’t want help Ukraine.You people of United States, come to the streets, make revolution!Keep America great!Germany plays against their own people!Du! Ein mann aus Deutschland, komm doch, komm raus!Das ist aber eine Katastrophe, was Biden zu ihnen gemacht hat.Wie war das schoen, wenn Merkel war da?—————————————————#TaiwanIsChina#####How is Azov Being Distributed?Reports are that Azov is being dropped by SmokeLoader. Further reports as well reveal that Azov is being distributed on various pirated software, etc. sites as well.So if Files are Encrypted, why is this Referred to as a Wiper?This is because files are not recoverable and there are no instructions or contact information provided to the victim. Essentially files are rendered inoperable because there are no known decryption keys available.Is Decryption Possible?There are no known decryption keys or tools available at this time.What is the Status of Coverage?FortGuard Labs has AV coverage in place for Azov as:W64/AzovWiper.BVMK!tr.ransomW64/Generik.BVMK!tr.ransom