Vulnerability Research
Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
Today, Talos is disclosing a vulnerability in VMWare Workstation that could result in Denial of Service. VMWare Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical systems concurrently. TALOS-2…
Beers with Talos EP26: Talos is Holding a Conference, and the Evolving Battle at the Edge
Beers with Talos (BWT) Podcast Episode 26 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren’t your thing: www.talosintelligence.com/podcast EP26 Show Notes: Recorded 3/29/18 – Joel is sitting o…
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer’s SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graph…
Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerabilility
Overview Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. Read More >>…
Vulnerability Spotlight: VMWare VNC Vulnerabilities
Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare’s products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which…
Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls
Vulnerabilities discovered by Marcin Noga of Cisco Talos Talos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabilities result in remo…
Vulnerability Spotlight: Arbitrary Code Execution Bugs in Simple DirectMedia Layer Fixed
Today, Talos is disclosing two vulnerabilities that have been identified in the Simple DirectMedia Layer library. Simple DirectMedia Layer (SDL) is a cross-platform development library designed for use in video playback software, emulators, and games by providing low level access to audio, keyboard,…
Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter
This post authored by Marcin Noga with contributions from William Largent Introduction Talos discovers and responsibly discloses software vulnerabilities on a regular basis. Occasionally we publish a deep technical analysis of how the vulnerability was discovered or its potential impact. In a previo…
Vulnerability Spotlight: Multiple Gdk-Pixbuf Vulnerabilities
Today, Talos is disclosing the discovery of two remote code execution vulnerabilities which have been identified in the Gdk-Pixbuf Toolkit. This toolkit used in multiple desktop applications including Chromium, Firefox, GNOME thumbnailer, VLC and others. Exploiting this vulnerability allows an attac…