Cisco Talos Blog

June 1, 2020 09:13

Vulnerability Spotlight: VMware Workstation 15 denial-of-service vulnerability

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and operate various operating systems outside of the ones de

May 21, 2020 11:23

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and

May 21, 2020 09:00

Vulnerability Spotlight: Authentication bypass vulnerability in some Epson projectors

Yuri Kramarz of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Epson EB-1470UI Projector contains an authentication bypass vulnerability in its web control functionality. This projector allows users to control it over the web. However, an adversary could tri

May 18, 2020 10:12

Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign a

May 12, 2020 15:05

Vulnerability Spotlight: Code execution vulnerability in Microsoft Excel

Cisco Talos recently discovered a code execution vulnerability in some versions of Microsoft Excel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted Excel file, triggering a use-after-free condition and allowing them to execute

May 12, 2020 13:00

Vulnerability Spotlight: Remote code execution vulnerabilities in Adobe Acrobat Reader

Cisco Talos recently discovered two remote code execution vulnerabilities in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. These flaws specifically exist in the way the software handles the destruction of annota

May 6, 2020 13:41

Vulnerability Spotlight: Code execution vulnerability in 3S CODESYS

Carl Hurd of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable code execution vulnerability in 3S’ CODESYS Control SoftPLC runtime system. The system allows any embedded or PC device to convert into an IEC 61131-3-

May 5, 2020 15:27

Vulnerability Spotlight: Multiple code execution vulnerabilities in Accusoft ImageGear

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion,

April 21, 2020 10:30

Vulnerability Spotlight: Zoom Communications user enumeration

Video conferencing and calling software has spiked in popularity as individuals across the globe are forced to stay home due to the COVID-19 pandemic. There are a plethora of players in this space, with one or two getting increased attention. One service in particular — Zoom — ha