Vulnerability Details
TALOS-2017-0367 was identified by Piotr Bania of Talos.TALOS-2017-0367 (CVE-2017-2863) is memory corruption vulnerability in Iceni Infix that could be leveraged to achieve arbitrary code execution on the affected device. TALOS-2017-0367 manifests as a out of bound write flaw in the PDF parsing functionality. Exploitation is possible if a user were to open a specifically crafted PDF file that targets this vulnerability. The most likely form of attack this could be exploited would be in a social engineering scenario where a user receives an email containing a malicious PDF that exploits this vulnerability.
For more technical details, please read our advisory here.
Coverage
Talos has developed the following Snort rules to detect attempts to exploit this vulnerability. Note that these rules are subject to change pending additional vulnerability information. For the most current information, please visit your Firepower Management Center or Snort.org.Snort Rules: 43212-43213
For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: http://www.talosintelligence.com/vulnerability-reports/
To review our Vulnerability Disclosure Policy, please visit this site:
http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.