vulnerability spotlight
Vulnerability Spotlight: Apache OpenOffice Vulnerabilities
1 min read
Today, Talos is releasing details of three new vulnerabilities discovered within Apache OpenOffice application. The first vulnerability, TALOS-2017-0295 within OpenOffice Writer, the second TALOS-2017-0300 in the Draw application, and the third TALOS-2017-0301 discovered in the Writer application. All three vulnerabilities allow arbitrary code execution to be performed. Read More >>
Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline
1 min read
These vulnerabilities are discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphics editor for Windows and Mac OS X that can also be used for desktop publishing. […]
Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.
1 min read
Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML content to execute arbitrary commands on vulnerable systems. YAML is a data serialisation markup format which is designed to be readable […]
Vulnerability Spotlight: TALOS-2017-0430/0431: Multiple Vulnerabilities in FreeXL Library
1 min read
Talos has discovered two remote code execution vulnerabilities in the the FreeXL library. FreeXL is an open source C library to extract valid data from within an Excel (.xls) spreadsheet. Exploiting these vulnerabilities can potentially allow an attacker to execute arbitrary code on the victim’s machine. If an attacker builds a specially crafted XLS (Excel) […]
Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW
1 min read
LabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition, instrument control and industrial automation. Talos is disclosing the presence of a code execution vulnerability which can be triggered by opening specially crafted VI files, the proprietary file format used by LabVIEW. […]
Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs
1 min read
Overview Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in detail these filters and how they operate. The software update to […]
Vulnerability Spotlight: FreeRDP Multiple Vulnerabilities
1 min read
Talos has discovered multiple vulnerabilities in the FreeRDP product. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP) originally developed by Microsoft. RDP allows users to connect remotely to systems so they can be operated from afar. The open source nature of the FreeRDP library means that it is integrated into many commercial […]
Vulnerability Spotlight: Iceni Infix PDF Editor Memory Corruption
1 min read
Today, Talos is disclosing a vulnerability that has been identified in Iceni Infix PDF Editor that could lead to arbitrary code execution on affected hosts. This vulnerability manifests in a way that could be exploited if a user opens a specifically crafted PDF file that triggers this flaw. Talos has coordinated with Iceni to ensure […]
Vulnerability Spotlight: Dell Precision Optimizer and Invincea Vulnerabilities
1 min read
Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace. These packages are pre-installed on certain Dell systems. Vulnerabilities present in these applications could allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user. Read more […]