0-day

January 27, 2017

THREAT RESEARCH

Matryoshka Doll Reconnaissance Framework

1 min read

This post was authored by David Maynor & Paul Rascagneres with the contribution of Alex McDonnell and Matthew Molyett. Overview: Talos has identified a malicious Microsoft Word document with several unusual features and an advanced workflow, performing reconnaissance on the targeted system to avoid sandbox detection and virtual analysis, as well as exploitation from a non-embedded […]

January 23, 2017

THREAT RESEARCH

Vulnerability Spotlight – LibBPG Image Decoding Code Execution

1 min read

Overview: Talos is disclosing TALOS-2016-0259 / CVE-2016-8710. An exploitable out-of-bounds heap write vulnerability exists in the decoding of BPG images in the libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow, resulting in an out-of-bounds heap write leading to remote code execution. This vulnerability can be triggered […]

January 20, 2017

THREAT RESEARCH

Vulnerability Spotlight: Adobe Acrobat Reader DC jpeg Decoder Vulnerability

1 min read

Discovered by Aleksandar Nikolic of Cisco Talos. Overview: Talos is disclosing TALOS-2016-0259 / CVE-2017-2791, an uninitialized memory vulnerability in Adobe Acrobat Reader DC. Adobe Acrobat Reader is one of the largest and most well-known PDF readers available today. This particular vulnerability is associated with the JPEG Decoder functionality embedded in the application. A specially crafted […]

December 20, 2016

THREAT RESEARCH

Vulnerability Spotlight: Tarantool Denial of Service Vulnerabilities

1 min read

Vulnerabilities discovered by Talos. Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source Lua-based application server. While primarily functioning as an application server, it is also capable of providing database-like features and providing an in-memory database which can be queried using a protocol based around the MsgPack […]

December 13, 2016

THREAT RESEARCH

Vulnerability Spotlight: Joyent SmartOS

1 min read

Vulnerability discovered by Tyler Bohan. Overview: Talos is disclosing a series of vulnerabilities in Joyent SmartOS, specifically in the Hyprlofs filesystem. SmartOS is an open source hypervisor that is based on a branch of OpenSolaris. Hyprlofs is a SmartOS in-memory filesystem that allows users to map files from various different locations under a single namespace. […]

November 28, 2016

THREAT RESEARCH

Talos Responsible Disclosure Policy Update

1 min read

Responsible disclosure of vulnerabilities is a key aspect of security research. Often, the difficulty in responsible disclosure is balancing competing interests - assisting a vendor with patching their...

October 18, 2016

THREAT RESEARCH

Vulnerability Spotlight: Hopper Disassembler ELF Section Header Size Code Execution

1 min read

Vulnerability discovered by Tyler Bohan and Cory Duplantis of Cisco Talos. Talos has identified an exploitable out-of-bounds write vulnerability in the ELF Section Header parsing functionality of Hopper (TALOS-2016-0222/CVE-2016-8390). Hopper is a reverse engineering tool for macOS and Linux allowing the user to disassemble and decompile 32/64-bit Intel-based Mac, Linux, Windows and iOS executables. During the parsing […]

October 18, 2016

THREAT RESEARCH

Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure

1 min read

Vulnerability discovered by Aleksandar Nikolic of Talos. Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing JBIG2 segments within a PDF file, can be triggered in Foxit PDF Reader, causing out-of-bounds heap memory to be read into a buffer. The `memcpy` call is properly […]

September 30, 2016

THREAT RESEARCH

Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability

1 min read

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Overview: Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in the OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bounds heap write to occur, resulting […]