Cisco Talos Blog

February 11, 2020 14:31

Vulnerability Spotlight: Code execution vulnerability in Microsoft Media Foundation

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a code execution vulnerability. This specific bug lies in Media Foundations’ MPEG4 DLL. An attacker could provide a user with a specially crafted ASF fi

By Jonathan Munshaw
Vulnerability Spotlight
February 11, 2020 14:31

Vulnerability Spotlight: Use-after-free vulnerability in Windows 10 win32kbase

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos is releasing the details of a use-after-free vulnerability in Windows 10. An attacker could exploit this vulnerability to gain the ability to execute arbitrary code in the kernel conte

By Jonathan Munshaw
Vulnerability Spotlight
February 11, 2020 11:13

Vulnerability Spotlight: Information leak vulnerability in Adobe Acrobat Reader’s JavaScript function

Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an information leak vulnerability in Adobe Acrobat Reader. Acrobat supports a number of features, including the ability to process embedded JavaScript. An attack

By Jonathan Munshaw
Vulnerability Spotlight
February 10, 2020 10:27

Vulnerability Spotlight: Accusoft ImageGear library code execution vulnerabilities

Emmanuel Tacheau of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three code execution vulnerabilities in Accusoft ImageGear. The ImageGear library is a document-imaging developer toolkit to assist users with image conversion,

By Jonathan Munshaw
Vulnerability Spotlight
February 3, 2020 14:11

Vulnerability Spotlight: Denial-of-service, information leak bugs in Mini-SNMPD

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in Mini-SNMPD, a lightweight implementation of a Simple Network Management Protocol server. An attacker can exploit these bugs by providing a specially crafted

By Jonathan Munshaw
Vulnerability Spotlight
January 22, 2020 09:15

Vulnerability Spotlight: Multiple vulnerabilities in some AMD graphics cards

Piotr Bania of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Multiple vulnerabilities exist in a driver associated with the AMD Radeon line of graphics cards. An attacker can exploit these bugs by providing a specially crafted shader file to the user while u

By Jonathan Munshaw
Vulnerability Spotlight
January 21, 2020 12:29

Vulnerability Spotlight: Bitdefender BOX 2 bootstrap remote code execution vulnerabilities

Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Bitdefender BOX 2 contains two remote code execution vulnerabilities in its bootstrap stage. The BOX 2 is a device that protects users’ home networks from a

By Jonathan Munshaw
Vulnerability Spotlight
January 16, 2020 10:56

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Foxit PDF Reader

Aleksandar Nikolic of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered four remote code execution vulnerabilities in Foxit PDF Reader. Foxit PDF Reader is a popular program for reading and editing PDFs. The software supports Jav

By Jonathan Munshaw
Vulnerability Spotlight
January 9, 2020 12:58

Vulnerability Spotlight: Code execution vulnerability in E2fsprogs

Lilith [^_^] of Cisco Talos discovered this vulnerability. E2fsprogs contains an exploitable code execution vulnerability in its directory rehashing functionality. This set of programs is often considered essential software for many Linux and Unix machines and ships by default

By Jonathan Munshaw
Vulnerability Spotlight