vulnerability

February 27, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Iceni Argus PDF Content Extraction affect Mar …

1 min read

Overview Talos has discovered multiple vulnerabilities in Iceni Argus PDF content extraction product. Exploiting these vulnerabilities can allow an attacker to gain full control over the victim’s machine. Although the main product is deprecated by Iceni, the library is still supported. Iceni has released a patched version that addresses these vulnerabilities. Nevertheless, the library is […]

December 20, 2016

THREAT RESEARCH

Vulnerability Spotlight: Tarantool Denial of Service Vulnerabilities

1 min read

Vulnerabilities discovered by Talos Talos is disclosing two denial of service vulnerabilities (CVE-2016-9036 & CVE-2016-9037) in Tarantool. Tarantool is an open-source lua-based application server. While primarily functioning as an application server, it is also capable of providing database-like features and providing an in-memory database which can be queried using a protocol based around the MsgPack […]

November 8, 2016

THREAT RESEARCH

Microsoft Patch Tuesday – November 2016

1 min read

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. For a detailed explanation of each of the categories listed below, please go to https://technet.microsoft.com/en-us/security/gg309177.aspx. This month’s release is packed full of goodies, but you don’t want to wait to review them over Thanksgiving dinner as there […]

October 25, 2016

THREAT RESEARCH

Vulnerability Spotlight: LibTIFF Issues Lead To Code Execution

1 min read

These Vulnerabilities were discovered by Tyler Bohan of Cisco Talos. Talos is releasing multiple vulnerabilities (TALOS-2016-0187, TALOS-2016-0190 & TALOS-2016-0205) in the LibTIFF library . One vulnerability (TALOS-2016-0187) is an exploitable heap based buffer overflow that impacts the LibTIFF TIFF2PDF conversion tool. Another vulnerability (TALOS-2016-0190) impacts the parsing and handling of TIFF images ultimately leading to […]

October 19, 2016

SECURITY

Malicious Microsoft Office Documents Move Beyond InkPicture

3 min read

In late August we began to detect malicious Microsoft Word documents that contained VisualBasic (VB) macro code and the code appeared to be triggering when the document was opened. However, the documents did not contain any of the standard events used to launch VB macro code when a document is opened, including Document_Open, or Auto_Open events. Upon […]

October 18, 2016

SECURITY

Evolving Security Disclosures : The New OASIS Common Security Advisory Framework (CSAF) Technical Committee

2 min read

During the last few years we have witnessed how the cyber security threat landscape has evolved. The emergence of the Internet of Things combined with recent events have profoundly changed how we protect our systems and people, and drive us to think about new approaches for vendors to disclose security vulnerabilities to customers and consumers. […]

October 3, 2016

THREAT RESEARCH

Vulnerability Spotlight: FreeImage Library XMP Image Handling Code Execution Vulnerability

1 min read

Exploit uses a maliciously crafted image file as an email attachment or via an instant message.

August 26, 2016

THREAT RESEARCH

Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite

1 min read

Talos has discovered multiple vulnerabilities in Kaspersky’s Internet Security product which can be used by an attacker to cause a local denial of service attack or to leak memory from any machine running Kaspersky Internet Security software. The vulnerabilities affect Kaspersky Internet Security 16.0.0, KLIF driver version 10.0.0.1532, but may affect other versions of the […]

August 15, 2016

THREAT RESEARCH

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within Lexmark Perceptive Document Filters.

1 min read

Vulnerabilities discovered by Tyler Bohan & Marcin Noga of Cisco Talos. Talos are today releasing three new vulnerabilities discovered within the Lexmark Perceptive Document Filters library. TALOS-2016-0172, TALOS-2016-0173 and TALOS-2016-0183 allow for a remote code execution using specifically crafted files. These vulnerabilities are present in the Lexmark Document filter parsing engine which is used across […]