Cisco Talos Blog

December 2, 2019 13:30

Vulnerability Spotlight: Two vulnerabilities in EmbedThis GoAhead

A Cisco Talos researcher discovered these vulnerabilities. Blog by Jon Munshaw. EmbedThis’ GoAhead Web Server contains two vulnerabilities that both arise when the software attempts to process a multipart/form-data HTTP request. An attacker could exploit these vulnerabilities t

November 21, 2019 10:28

Vulnerability Spotlight: Two remote code execution vulnerabilities in Xcftools

Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Xcftools contains two remote code execution vulnerabilities in its flattenIncrementally function. Xcftools is a set of tools for handling Gimp’s XCF files. The software provides tools to extract information from a

November 13, 2019 10:03

Vulnerability Spotlight: Command injection bug in Exhibitor UI

Logan Sanderson of Cisco ASIG discovered this vulnerability. Exhibitor Web UI contains an exploitable command injection vulnerability in its Config editor. Exhibitor is a ZooKeeper supervisory process. Exhibitor's Web UI does not have any form of authentication, and prior to

November 13, 2019 09:58

Vulnerability Spotlight: Denial-of-service vulnerability in Intel IGC64 graphics driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Intel’s IGC64.dll graphics driver contains a denial-of-service vulnerability. An attacker could exploit this bug by supplying a malformed pixel shader if the graphics driver is operating inside a VMwa

November 12, 2019 14:07

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Excel

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in Microsoft Excel. Microsoft disclosed this bug as part of their monthly security update Tuesday. This vulnerability ex

November 12, 2019 14:07

Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation

Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An atta

November 6, 2019 12:02

Vulnerability Spotlight: Code execution vulnerabilities in LEADTOOLS

Marcin Towalski and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple vulnerabilities in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integ

November 4, 2019 09:57

Vulnerability Spotlight: Two remote code execution vulnerabilities in Investintech Able2Extract

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered two remote code execution vulnerabilities in Investintech’s Able2Extract Professional. This software is a cross-platform PDF tool for Windows, Mac and Linux that conver

October 28, 2019 09:46

Vulnerability Spotlight: Denial-of-service in VMWare Fusion 11

Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary: VMware Fusion 11 contains an exploitable denial-of-service vulnerability. VMware Fusion is an application for Mac operating systems that allows users to run other OSs in a virtual environment, such as W