remote code execution

January 28, 2019

THREAT RESEARCH

Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software…

May 31, 2018

THREAT RESEARCH

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilites

Vulnerabilities discovered by Cory Duplantis from Talos. In April 2018, Talos published 5 vulnerabilities in Natus NeuroWorks software. We have also identified 3 additional vulnerabilities. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices c…

February 5, 2018

SECURITY

Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …

Cisco is committed to responsible coordinated disclosure about vulnerabilities, and maintains a very open relationship with the security research community. On January 29, 2018, the Cisco PSIRT learned about public knowledge of a remote code execution and denial of service vulnerability affecting th…

October 31, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple Vulnerabilities in Cesanta Mongoose Server

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos Today, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server. Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It i…

October 4, 2017

THREAT RESEARCH

Vulnerability Spotlight: Multiple vulnerabilities in Computerinsel Photoline

These vulnerabilities are discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of multiple vulnerabilities discovered within the Computerinsel GmbH PhotoLine image processing software. PhotoLine, developed by Computerinsel GmbH, is a well established raster and vector graphics…

September 13, 2017

THREAT RESEARCH

Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability

This vulnerability was discovered by Cory Duplantis of Talos Update 9/20/2017: A patch is now available to fix this issue. Overview LibOFX is an open source implementation of OFX (Open Financial Exchange) an open format used by financial institutions to share financial data with clients. As an imple…

May 5, 2017

THREAT RESEARCH

Vulnerability Spotlight: Power Software PowerISO ISO Code Execution Vulnerabilities

These vulnerabilities were discovered by Piotr Bania of Cisco Talos. Today, Talos is releasing details of a new vulnerability discovered within the Power Software PowerISO disk imaging software. TALOS-2017-0318 and TALOS-2017-0324 may allow an attacker to execute arbitrary code remotely on the vulne…

July 19, 2016

THREAT RESEARCH

Vulnerability Spotlight: Apple Remote Code Execution With Image Files

Vulnerabilities discovered by Tyler Bohan of Cisco Talos. Many of the wide variety of file formats are designed for specialized uses within specific industries. Apple offers APIs as interfaces to provide a definitive way to access image data for multiple image formats on the Apple OS X platform. Tal…

January 12, 2016

THREAT RESEARCH

Microsoft Patch Tuesday – January 2016

The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated c…