Cisco Talos

March 13, 2018

THREAT RESEARCH

Microsoft Patch Tuesday – March 2018

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabili…

March 1, 2018

THREAT RESEARCH

Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image

Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer’s SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graph…

February 13, 2018

THREAT RESEARCH

Microsoft Patch Tuesday – February 2018

Microsoft Patch Tuesday – February 2018 Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 o…

January 17, 2018

THREAT RESEARCH

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerabilility

Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Read More >>…

November 15, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls

Vulnerabilities discovered by Marcin Noga of Cisco Talos Talos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabilities result in remo…

September 14, 2017

THREAT RESEARCH

Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter

This post authored by Marcin Noga with contributions from William Largent Introduction Talos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previo…

September 7, 2017

THREAT RESEARCH

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publically disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with a…

August 30, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities

Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attac…

August 28, 2017

THREAT RESEARCH

Vulnerability Spotlight: Lexmark Perceptive Document Filters Code Execution Bugs

Overview Talos is disclosing a pair of code execution vulnerabilities in Lexmark Perceptive Document Filters. Perceptive Document Filters are a series of libraries that are used to parse massive amounts of different types of file formats for multiple purposes. Talos has previously discussed in detai…