Archive for the ‘code execution’ Category

Nasty WinRAR bug is being actively exploited to install hard-to-detect malware

March 15th, 2019
Close-up photo of police-style caution tape stretched across an out-of-focus background.

Enlarge (credit: Michael Theis / Flickr)

Malicious hackers wasted no time exploiting a nasty code-execution vulnerability recently disclosed in WinRAR, a Windows file-compression program with 500 million users worldwide. The in-the-wild attacks install malware that, at the time this post was going live, was undetected by the vast majority of antivirus product.

The flaw, disclosed last month by Check Point Research, garnered instant mass attention because it made it possible for attackers to surreptitiously install persistent malicious applications when a target opened a compressed ZIP file using any version of WinRAR released over the past 19 years. The absolute path traversal made it possible for archive files to extract to the Windows startup folder (or any other folder of the archive creator’s choosing) without generating a warning. From there, malicious payloads would automatically be run the next time the computer rebooted.

On Thursday, a researcher at McAfee reported that the security firm identified “100 unique exploits and counting” in the first week since the vulnerability was disclosed. So far, most of the initial targets were located in the US.

Read 3 remaining paragraphs | Comments

Posted in Biz & IT, code execution, exploits, malware, vulnerabilities, WinRar | Comments (0)

Nasty code-execution bug in WinRAR threatened millions of users for 14 years

February 20th, 2019

Enlarge / Evert (credit: iStock / Getty Images)

WinRAR, a Windows file compression program with 500 million users worldwide, recently fixed a 14-year-old vulnerability that made it possible for attackers to execute malicious code when targets opened a booby-trapped file.

The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing, rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.

Researchers from Check Point Software, the security firm that discovered the vulnerability, initially had trouble figuring out how to exploit the vulnerability in a way that executed code of their choosing. The most obvious path—to have an executable file extracted to the Windows startup folder where it would run on the next reboot—required WinRAR to run with higher privileges or integrity levels than it gets by default.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, bugs, code execution, exploits, vulnerabilities, WinRar | Comments (0)

LibreOffice and Apache OpenOffice vulnerable to same bug; only one is fixed

February 6th, 2019
A repairman with

Enlarge (credit: Lisa Brewster / Flickr)

LibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

Austrian researcher Alex Inführ publicly reported the vulnerability on Friday, shortly after it was fixed in LibreOffice. His disclosure included a proof-of-concept exploit that successfully executed commands on computers running what was then a fully patched version of LibreOffice. The only interaction that was required was that the target user hover over an invisible link with a mouse. On Wednesday, researcher John Lambert provided additional PoC samples.

The chief vulnerability exploited is a path traversal that allowed the attack code to move out of its current directory and into one that contained a sample Python script that LibreOffice installed by default. That allowed Inführ to invoke the cmd command on the vulnerable computer. The researcher then exploited a separate weakness that allowed him to pass parameters of his choice to the command.

Read 5 remaining paragraphs | Comments

Posted in apache openoffice, Biz & IT, code execution, exploits, LibreOffice, Microsoft office, vulnerabilities | Comments (0)

Foxit to Fix PDF Reader Zero Days by Friday

August 22nd, 2017

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

Posted in code execution, foxit, Foxit Reader, Foxit Software, PhantomPDF, vulnerabilities, zdi, zero day initiative | Comments (0)

Critical Vulnerability Patched in Roundcube Webmail

December 7th, 2016

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.

Posted in code execution, command execution, email security, Hendrik Buchwald, input sanitation, Input validation, Open Source Security, PHP fifth parameter, php security, RIPS Technologies, Roundcube, vulnerabilities, Vulnerability, Web Security | Comments (0)

Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash

October 11th, 2016

Adobe patched 81 vulnerabilities, including a handful of critical bugs, in Acrobat, Reader, and Flash on Tuesday.

Posted in Acrobat, adobe, code execution, flash, memory corruption bugs, patch tuesday, reader, vulnerabilities | Comments (0)

Windows Print Spooler Flaws Lead to Code Execution

July 12th, 2016

Microsoft today released six critical bulletins as part of its July Patch Tuesday update, including patches for remote code execution flaws in Windows Print Spooler components.

Posted in code execution, Gunter Ollmann, Internet of things, IoT, IoT security, Microsoft patches, networked printers, patch tuesday, printer drivers, shared printers, Vectra Networks, vulnerabilities, Web Security, Windows patches | Comments (0)

Adobe Warns of Flash Zero Day, Patches Acrobat, Reader

May 10th, 2016

Adobe pushed out 95 fixes for Acrobat, Reader, and ColdFusion on Tuesday and simultaneously warned about a zero day vulnerability in Flash it plans to patch on Thursday.

Posted in Acrobat, adobe, Adobe Patches, code execution, coldfusion, critical vulnerabilities, flash, patch tuesday, reader, vulnerabilities, Web Security | Comments (0)

D-Link Patches Two Remotely Exploitable Bugs in Firmware

March 16th, 2015

Router company D-Link has patched two separate vulnerabilities in its firmware that could be exploited remotely and lead to takeover and arbitrary code execution. Routers under the DCS-93xl umbrella, including the DCS-930L, DCS-931L, DCS-932L, and DCS-933L models, contain a hole that enabled remote authenticated attackers to upload their own files – in the location of […]

Posted in code execution, d-link, Remotely exploitable bugs, router, Router vulnerabilities, vulnerabilities | Comments (0)