This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
Backdoor.Win32.Bushtrommel.122 / Unauthenticated Remote Command Execution
Posted by malvuln on Aug 04
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bushtrommel.122
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 31745 and 1030. Adversaries
who can reach infected hosts can run commands made available by the…
Backdoor.Win32.Bushtrommel.122 / Authentication Bypass
Posted by malvuln on Aug 04
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bushtrommel.122
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 31745 runs an ftp server on
port 1030. Attackers who can reach infected systems can logon using any
username/password…
Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow
Posted by malvuln on Aug 04
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Jokerdoor
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 27374. Attackers who can reach
an infected system can send a large payload and trigger a classic stack
buffer overflow…
CVE-2021-32771
Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615.
OpenImageIO-2.3.18.0-2.fc37 ctk-0.1-0.24.20190721.fc37 dcmtk-3.6.7-1.fc37
FEDORA-2022-73bf8ee661
Packages in this update:
ctk-0.1-0.24.20190721.fc37
dcmtk-3.6.7-1.fc37
OpenImageIO-2.3.18.0-2.fc37
Update description:
Security fix for CVE-2021-41688, CVE-2021-41690, CVE-2021-41687, CVE-2021-41689
Meet Woody the New Remote Access Trojan
FortiGuard Labs is aware of a report that a new Remote Access Trojan (RAT) called “Woody” has been lurking in the wild for the past year. Reported initial infection vectors include email attachments as well as Microsoft Word documents that leverage the recently patched Follina vulnerability (CVE-2022-30190). Once a victim is infected, Woody RAT collects and sends specific information to its Command-and-Control (C2) server and performs various activities based on the remote commands it receives.Why is this Significant?This is significant because Woody RAT reportedly was used in real world attacks over the past year, yet the malware came to light only recently. Initial infection vectors include leveraging the infamous Follina vulnerability (CVE-2022-30190) in which a patch was released on June 2022 and has been used in various attacks.What is Woody RAT?Woody is a Remote Access Trojan (RAT) that performs activities according to the remote commands it receives from its C2 server.Reported initial infection vectors include email attachments and usage of Microsoft Word that leverages the Follina vulnerability (CVE-2022-30190). In the former case, email attachments are ZIP files containing a Woody RAT executable file, which victims need to run manually to start infection process. In the latter case, victims receive weaponized Microsoft Word files which abuse the MSDT URI scheme to download and run Woody RAT. For reference, FortiGuard Labs previously released an Outbreak Alert and Threat Signal on CVE-2022-30190. See the Appendix for links to “MSDT Follina” and “Follina: 0-day Windows MSDT Vulnerability (CVE-2022-30190) Exploited in The Wild”.Once Woody RAT compromises a victim’s machine, it collects information such as OS, computer name and installed Anti-virus solutions and sends data to its C2 server. The RAT is capable of performing various activities on a compromised machine that include uploading and download files, listing up directories and capturing screenshots upon receiving remote commands.Has the Vendor Released a Patch for the Follina vulnerability (CVE-2022-30190) Used by Woody RAT?Yes. Microsoft released a patch as part of regular June 2022 MS Tuesday patch release.What is the Status of Coverage?FortiGuard Labs detects known Woody RAT and associated samples with the following AV signatures:W32/WoodyRAT.A!trMSOffice/Agent.AAP!trW64/Agent.OS!trW64/Reflo.WD!trMalicious_Behavior.SBPossibleThreat.PALLAS.HW32/PossibleThreatIn relation with CVE-2022-30190, the following signature will detect the retrieval of remote HTML files that contain the MSDT command:MS.Office.MSHTML.Remote.Code.Execution.All network IOCs associated with this attack are blocked by the WebFiltering client.
owncloud-client-2.10.1-1.fc36
FEDORA-2022-8d623b4c3f
Packages in this update:
owncloud-client-2.10.1-1.fc36
Update description:
Security fix for CVE-2021-44537
firefox-103.0.1-1.fc35
FEDORA-2022-6fa6d8f3e6
Packages in this update:
firefox-103.0.1-1.fc35
Update description:
Update to latest upstream (103.0.1)
ZDI-22-1045: Microsoft Windows win32kfull UMPDDrvStrokeAndFillPath Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.