Posts tagged: Vulnerability

Jan 10 2013

New Java 0-Day Exploit Spotted in the Wild

A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.

Description:
The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681.

Impact:
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

CVE Standard Vulnerability Entry: CVE-2013-0422

The vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a fresh, fully patched Java installation and used a malicious Java applet to remotely launch the Calculator application on Windows XP, as shown in the screenshot below:

Java 7 update 10 0-day exploit demo

Jan 23 2012

Tor – Multiple Vulnerabilities

Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Multiple vulnerabilities have been discovered in Tor:

  • When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
  • When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
  • An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact:
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.

Vulnerable Versions:
< 0.2.2.35

Workaround:
There is no known workaround at this time.

Resolution:
All Tor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.2.35"

References:
CVE-2011-2768
CVE-2011-2769
CVE-2011-2778

Dec 22 2011

Kaspersky Internet Security – Memory Corruption Vulnerability

The Vulnerability-Lab Team discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012.

Details:
The vulnerability is caused by an invalid pointer corruption when a corrupt .cfg file is processed through the Kaspersky exception filters; an attacker could exploit it to crash the entire software process.
The bug is located in basegui.ppl and basegui.dll, in the code that handles .cfg file import.

Vulnerable Modules:
[+] CFG IMPORT

Affected Version(s):
– Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
– KIS 2012 v12.0.0.374
– KAV 2012 v12.x

– Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
– KIS 2011 v11.0.0.232 (a.b)
– KAV 11.0.0.400
– KIS 2011 v12.0.0.374

– Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010

Severity:
Medium

Credits:
Vulnerability Research Laboratory – Benjamin K.M. (Rem0ve)

Original Advisory:
http://www.vulnerability-lab.com/get_content.php?id=129
http://www.vulnerability-lab.com/get_content.php?id=19

Dec 22 2011

Backdoor in Android for No-Permissions Reverse Shell

Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes.

Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell, allowing them to execute commands on the device from anywhere in the world. The functionality being exploited is not new: it has been quietly pointed out for a number of years, and was explained in depth in a Defcon 18 presentation.

It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.

The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.
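As an added defender-side illustration (not code from viaForensics or the original post), the check below parses a decoded AndroidManifest.xml and flags the combination the demo relies on: an app that requests no permissions but registers a BROWSABLE intent filter for a custom URI scheme such as app://, which is the hook a web page needs to hand control back to the app. The manifest is constructed for the example; a real one would come from apktool output.

```python
"""Heuristic manifest check for the no-permissions custom-scheme pattern.
Assumes a decoded (text) AndroidManifest.xml; the sample below is
constructed for illustration and does not describe any real app."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Schemes a browser hands off routinely; anything else is app-defined.
STANDARD_SCHEMES = {"http", "https", "content", "file"}

# Constructed sample: no <uses-permission>, one BROWSABLE app:// handler.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.noperms">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="app"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def custom_schemes(manifest_xml):
    """Non-standard URI schemes handled by BROWSABLE intent filters,
    i.e. the entry points a web page can trigger via a redirect."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for filt in root.iter("intent-filter"):
        cats = {c.get(f"{{{ANDROID_NS}}}name") for c in filt.findall("category")}
        if "android.intent.category.BROWSABLE" not in cats:
            continue
        for data in filt.findall("data"):
            scheme = data.get(f"{{{ANDROID_NS}}}scheme")
            if scheme and scheme.lower() not in STANDARD_SCHEMES:
                found.add(scheme.lower())
    return found

def permission_count(manifest_xml):
    """Number of <uses-permission> entries (direct children of <manifest>)."""
    return len(ET.fromstring(manifest_xml).findall("uses-permission"))

def flag_no_permission_scheme_handler(manifest_xml):
    """True when the app asks for nothing yet registers its own scheme:
    a review flag, not proof of malice (many legitimate apps use deep links)."""
    return permission_count(manifest_xml) == 0 and bool(custom_schemes(manifest_xml))

if __name__ == "__main__":
    print(custom_schemes(SAMPLE_MANIFEST), flag_no_permission_scheme_handler(SAMPLE_MANIFEST))
```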

Thomas Cannon said: “In this demonstration Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it.”

Dec 21 2011

Windows-7 Memory Corruption Vulnerability

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system.

The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.

The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit.
Other versions may also be affected.

Solution:
No effective solution is currently available.

Discovered By:
webDEViL

Original Advisory:
https://twitter.com/#!/w3bd3vil/status/148454992989261824

<iframe height='18082563'></iframe> causes a BSoD on win 7 x64 via Safari. Lol!