Vulnerability Research
Vulnerability Spotlight: OpenJPEG JPEG2000 mcc record Code Execution Vulnerability
1 min read
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos Overview Talos has identified an exploitable out-of-bounds vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library (TALOS-2016-0193/CVE-2016-8332). The JPEG 2000 file format is commonly used for embedding images inside PDF documents. This particular vulnerability could allow an out-of-bound heap write to occur, resulting […]
Vulnerability Spotlight: BlueStacks App Player Privilege Escalation
1 min read
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos Talos is releasing an advisory for a vulnerability in BlueStacks App Player. (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It’s commonly used to run popular Android games on these platforms. Details A weak registry key […]
Vulnerability Spotlight: PDFium Vulnerability in Google Chrome Web Browser
1 min read
This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. PDFium is the default PDF reader that is included in the Google Chrome web browser. Talos has identified an exploitable heap buffer overflow vulnerability in the Pdfium PDF reader. By simply viewing a PDF document that includes an embedded jpeg2000 image, the attacker can achieve […]
Vulnerability Spotlight: Further NTPD Vulnerabilities
1 min read
As a member of the Linux Foundation Core Infrastructure Initiative, Cisco is contributing to the CII effort by evaluating the Network Time Protocol daemon (ntpd) for security defects. We previously identified a series of vulnerabilities in the Network Time Protocol daemon; through our continued research we have identified further vulnerabilities in the software. Read More>>
Vulnerability Spotlight: Lhasa Integer Underflow Exploit
1 min read
Talos is disclosing the discovery of vulnerability TALOS-2016-0095 / CVE-2016-2347 in the Lhasa LZH/LHA decompression tool and library. This vulnerability is due to an integer underflow condition. The software verifies that header values are not too large, but does not check for a too small header length. Decompressing a LHA or LZH file containing an […]
Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability
1 min read
Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability. Cisco Talos, in conjunction with Apple’s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel driver. This vulnerability was initially discovered by the Talos Vulnerability […]
The Internet of Things Is Not Always So Comforting
1 min read
Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “smarter,” and making our lives more convenient than ever before. Despite […]
Vulnerability Spotlight: Libgraphite Font Processing Vulnerabilities
1 min read
Vulnerabilities Discovered by Yves Younan of Cisco Talos. Talos is releasing an advisory for four vulnerabilities that have been found within the Libgraphite library, which is used for font processing in Linux, Firefox, LibreOffice, and other major applications. The most severe vulnerability results from an out-of-bounds read which the attacker can use to achieve arbitrary […]
Bypassing MiniUPnP Stack Smashing Protection
1 min read
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, […]
1