Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Adobe Acrobat Reader use-after-free vulnerabilities
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution. Acrobat is one of the most popular PDF readers currently available, especially in the U.S., and many browsers utilize an Acrobat plugin. This means an attacker could trick a user into opening a specially crafted, malicious file in the browser, or trick them into opening it in the desktop application.
TALOS-2023-1794 (CVE-2023-44336) exists in the Thermometer JavaScript object in Acrobat Reader. An attacker who exploits this vulnerability could use specially crafted JavaScript code to trigger a use-after-free condition, which can lead to memory corruption and arbitrary code execution.
TALOS-2023-1842 (CVE-2023-44372) works in the same way, but in this case, the vulnerability affects the page event processing in Acrobat Reader.
Arbitrary code execution vulnerability in Microsoft Excel
Discovered by Marcin “Icewall” Noga of Cisco Talos.
Talos discovered a vulnerability in Microsoft Office Professional Plus 2019 (specifically the spreadsheet creation software Excel) that could lead to arbitrary code execution.
Microsoft patched this vulnerability, CVE-2023-36041 (TALOS-2023-1835), as part of its monthly security update earlier this month.
This use-after-free vulnerability exists in the ElementType attribute parsing in Microsoft Office Professional Plus 2019 Excel and could allow an attacker to execute remote code on the targeted machine. An adversary would need to trick the targeted user into opening a specially crafted Excel spreadsheet to exploit this vulnerability.
6 vulnerabilities in open-source embedded operating system
Discovered by Kelly Patterson of Cisco Talos.
Cisco Talos recently discovered multiple vulnerabilities in Weston Embedded µC-HTTP, the open-source embedded HTTP server and client module for µC/TCP-IP. µC/TCP-IP is an embedded operating system first developed by Micrium, and is now maintained by Weston Embedded Solutions.
TALOS-2023-1732 (CVE-2023-28391), TALOS-2023-1738 (CVE-2023-28379) and TALOS-2023-1746 (CVE-2023-31247) are memory corruption vulnerabilities that could lead to arbitrary code execution on the targeted device. An adversary could exploit these vulnerabilities by sending a specially crafted packet. There are various mitigation options for these issues, as outlined in Talos’ advisories, that can prevent the exploitation of these vulnerabilities.
TALOS-2023-1726 (CVE-2023-25181) and TALOS-2023-1733 (CVE-2023-27882) both also lead to code execution, but in these cases, are caused by buffer overflows in the operating system triggered by a specially crafted packet.
There is also TALOS-2023-1725 (CVE-2023-24585), an out-of-bounds write vulnerability that could lead to memory corruption. This vulnerability occurs when parsing the method of an HTTP request and could lead to heap corruption.
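The last advisory above concerns an out-of-bounds write while parsing the method token of an HTTP request line. The following is an added, hypothetical example (not µC-HTTP's code, and not a reproduction of the reported bug) showing the defensive pattern that prevents this class of defect: the token length is checked against the destination capacity before any byte is written, so an overlong or malformed method is rejected rather than copied. The function names, the `METHOD_MAX` size and the `parse_result` codes are assumptions chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical illustration, not µC-HTTP's code.
 * Unsafe pattern this replaces: copying the method token into a fixed
 * buffer (e.g. char method[8]; sscanf(line, "%s", method);) with no
 * length check, so a long method writes past the end of the buffer. */

/* Longest standard methods ("OPTIONS", "CONNECT") are 7 chars, plus NUL.
 * Assumed size for this example. */
#define METHOD_MAX 8

/* Result codes (names assumed for this example). */
enum parse_result {
    PARSE_OK = 0,
    PARSE_TOO_LONG = -1,   /* method would not fit in the destination */
    PARSE_NO_SPACE = -2,   /* no SP delimiter after the method */
    PARSE_BAD_CHAR = -3,   /* non-uppercase byte inside the method token */
    PARSE_EMPTY = -4       /* request line starts with the delimiter */
};

/* Copies the method token from `line` (length `line_len`, not necessarily
 * NUL-terminated) into `out` (capacity `out_len`).
 * Returns PARSE_OK on success; on any error `out` is left as "" and no
 * byte beyond out[0] is ever written. The capacity check runs before the
 * copy, which is the whole point of the example. */
int parse_http_method(const char *line, size_t line_len, char *out, size_t out_len)
{
    size_t i = 0;

    if (out_len == 0)
        return PARSE_TOO_LONG;
    out[0] = '\0';

    /* Scan the token without writing anything yet. Methods are restricted
     * to uppercase ASCII here for simplicity. */
    while (i < line_len && line[i] != ' ') {
        if (line[i] < 'A' || line[i] > 'Z')
            return PARSE_BAD_CHAR;
        if (i + 1 >= out_len)          /* token plus NUL would overflow out */
            return PARSE_TOO_LONG;
        i++;
    }
    if (i == line_len)
        return PARSE_NO_SPACE;
    if (i == 0)
        return PARSE_EMPTY;

    /* Safe: i < out_len was established above, so i bytes plus NUL fit. */
    memcpy(out, line, i);
    out[i] = '\0';
    return PARSE_OK;
}

/* Convenience wrapper: parses a NUL-terminated request line into a
 * METHOD_MAX-sized buffer and returns only the result code. */
int classify_request_line(const char *line)
{
    char method[METHOD_MAX];
    return parse_http_method(line, strlen(line), method, sizeof method);
}

int main(void)
{
    /* Constructed sample request lines, including an overlong method. */
    const char *samples[] = {
        "GET / HTTP/1.1",
        "OPTIONS * HTTP/1.1",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA / HTTP/1.1",
        "GET",
        "get / HTTP/1.1",
        " / HTTP/1.1",
    };
    size_t n = sizeof samples / sizeof samples[0];
    for (size_t k = 0; k < n; k++)
        printf("%-45s -> %d\n", samples[k], classify_request_line(samples[k]));
    return 0;
}
```

A detection-side corollary: because the check rejects the token before copying, a server built this way can log the `PARSE_TOO_LONG` result, and a spike of such rejections from one source is a useful signal that someone is probing the request-line parser.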