Security Vulnerabilities
MOST EXPLOITED SECURITY VULNERABILITIES FROM 2016 TO 2019 ARE LISTED BELOW:
1. CVE-2017-11882
Microsoft office 2007 service pack 3, Microsoft office 2010 service pack 2, Microsoft office 2013 service pack1, Microsoft office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory aka “Microsoft memory corruption vulnerability”. The CVE id is unique from CVE-2017-11884.
OVERVIEW:
Microsoft equation editor contains a stack Buffer overflow which allows an unauthenticated attacker to execute arbitrary code on a vulnerable system.
IMPACT:
By convincing a user to open a specially crafted Office document, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of a logged-on user.
ASSOCIATED MALWARE:
Loki, Formbook, Pony/FAREIT
MITIGATION:
Update the latest security patches.
2. CVE-2017-0199
Microsoft office 2007 SP3, Microsoft office 2010 SP2, Microsoft office 2013 SP1, Microsoft office 2016, Microsoft windows vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft office/Wordpad remote code execution vulnerability w/ windows API”.
A remote code exists in a way that an attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs, view, change, or delete data; or create a user account with full user rights.
ASSOCIATED MALWARE:
FINESPY, LATENTBOT, DRIDEX
MITIGATION:
Update the Microsoft products with latent security patches.
3. CVE-2017-5638
The Jakarta multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has an incorrect expectation handling and error message generation during file upload attempts, which allows remote attackers to execute arbitrary commands via crafted Content type, Content-Disposition, or Content-length header, as exploited in the wild in March 2017 with a content-type header containing a #cmd= string.
OVERVIEW:
Apache Struts version 2.3.5 – 2.3.31 and 2.5 – 2.5.10 is vulnerable to code injection leading to remote code execution (RCE).
Due to improper control of the generation of code, an attacker can execute arbitrary OGNL code included in the “Content-type” header of a file upload.
IMPACT:
An unauthenticated attacker can execute arbitrary common with user privileges running Apache Struts.
MITIGATION:
Update Apache struts to 2.3.32 or 2.5.10.1
ASSOCIATED MALWARE:
JexBox.
3. CVE-2018-4878
A use-after-free vulnerability was identified in Adobe flash player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in Prime Time SDK related to media player handling of listener object. A successful attack can lead to arbitrary code execution. This was exploited in the wild January-February 2018.
ASSOCIATED MALWARE:
DOGCALL
MITIGATION:
Update Adobe Flash player installation to the latest version.
4. CVE-2017-8759
Microsoft .NET framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 allow attackers to execute code remotely via document or application, aka “.NET framework remote code execution vulnerability”.
A remote code execution Security vulnerabilities in the .NET framework exists which processes untrusted inputs. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs, change, or delete data; or create new user accounts with full user rights.
To exploit this vulnerability an attacker should convince a user to open a malicious document or application.
ASSOCIATED MALWARE:
FINSPY, FinFisher, WingBird
MITIGATION:
Update the latest security patches which address the vulnerability by .NET untrusted input validation.
REFERENCE:
- Cve.mitre.org
- https://cve.mitre.org/
- https://us-cert.cisa.gov/
written by: Karthik Jogi
Reviewed By: Sayan Chatterjee
If you are Interested In Machine Learning You Can Check Machine Learning Internship Program
Also Check Other Technical And Non Technical Internship Programs