This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary executable as SYSTEM. If the current user is a local admin, the system will attempt impersonation and the exploit will fail.
a872f68c00626fe384e850bbe5b416e5a094fcbf5639c9f1deb5248fc85413caWhitepaper called Everlasting ROBOT: the Marvin Attack. In this paper, the author shows that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. The Marvin Attack is a return of a 25 year old vulnerability that allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.
11fd5f5eb17765f91bb0b2d7fe6530d7a6e1e20781250cc9cc5e701006d329c9Ubuntu Security Notice 6399-1 - It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack.
95522cf54b015802183133101cb54cb3a750d70263f84472aaa0bb06bd499190Ubuntu Security Notice 6398-1 - It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that ReadyMedia incorrectly handled certain HTTP requests using chunked transport encoding. A remote attacker could possibly use this issue to cause buffer overflows, resulting in out-of-bounds reads and writes.
e6b9c23be1704ff9683c7ec1e7ebad7ae3586cc6f747aba35595f86f21361f68Ubuntu Security Notice 6387-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
f996b052a5d8a42382af173d99592c385d1379e5d06dd710df420741bae776f9Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.
d13a796719bdfb63b4fcf139769434d3580bd60dc34168be371834a19bf9ba32Ubuntu Security Notice 6396-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.
04f83418015d33b3205d491de8dc8ecd62f2ec112f80bc56af999e0c615748faRed Hat Security Advisory 2023-5353-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include an out of bounds write vulnerability.
c67c9e25c41c667cdd202f6279b38de5026dd196c6d6df73efb86391089e0220Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
495a3f24d2632110634309010865240af57a5ea7b556b056d308808eae784582Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.
d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
e81e319d29d715b4f89864cf976c9fc33fedd006c1df0d2ae413f8194ec09effRed Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
c847a25ac05fb577d9d312fccc92714b065a2a75511c21413ff647b9c3fbba48Ubuntu Security Notice 6361-2 - USN-6361-1 fixed a vulnerability in CUPS. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that CUPS incorrectly authenticated certain remote requests. A remote attacker could possibly use this issue to obtain recently printed documents.
f9123a1386f6662e1350f22ae5fb3bbd57fb7d15a29172383d63f7a7ec323c1e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed