This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5875.
Category Archives: Advisories
ZDI-24-667: IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5874.
ZDI-24-666: IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5877.
ZDI-24-665: (Pwn2Own) Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code in the renderer process in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-29944.
ZDI-24-664: (Pwn2Own) Mozilla Firefox SpiderMonkey JIT Compiler Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-29943.
APPLE-SA-06-10-2024-1 visionOS 1.2
Posted by Apple Product Security via Fulldisclosure on Jun 11
visionOS 1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214108.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
CoreMedia
Available for: Apple Vision Pro
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description:…
DSA-5709-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, the bypass of sandbox restrictions or an information leak.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe Photoshop is a raster graphics editor.
Adobe Experience Manager (AEM) is a comprehensive content management solution for building websites, mobile apps, and forms.
Adobe Audition is a comprehensive toolset that includes multitrack, waveform, and spectral display for creating, mixing, editing, and restoring audio content.
Adobe Media Encoder is an audio/video media processing program that allows users to convert files into other types of files.
Adobe FrameMaker Publishing Server is an enterprise software to automate multichannel publishing that lets you access publishing services remotely and output technical content in multiple formats and as mobile apps.
Adobe Commerce is a flexible and scalable commerce platform that lets you create personalized B2B and B2C experiences.
Adobe ColdFusion is a commercial rapid web-application development computing platform.
Adobe Substance 3D Stager is a professional staging tool for scene design and rendering.
Adobe Creative Cloud is an assortment of applications and services created by Adobe that is ideal for photography, videography, design, and PDF creation.
Adobe Acrobat is a family of application software and Web services.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, June 11, 2024
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.