vulnerability spotlight
Vulnerability Spotlight: BlueStacks App Player Privilege Escalation
Discovered by Marcin ‘Icewall’ Noga of Cisco Talos Talos is releasing an advisory for a vulnerability in BlueStacks App Player. (TALOS-2016-0124/CVE-2016-4288). The BlueStacks App Player is designed to enable Android applications to run on Windows PCs and Macintosh computers. It’s commonly used to r…
Vulnerability Spotlight: Oracle’s Outside In Technology, Turned Inside-Out
Vulnerabilities discovered by Aleksandar Nikolic. Blog post authored by Jaeson Schultz and Aleksandar Nikolic. One of the most fundamental tasks performed by many software programs involves the reading, writing, and general processing of files. In today’s highly networked environments, files a…
Vulnerability Spotlight: LibreOffice RTF Vulnerability
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Talos is disclosing the presence of CVE-2016-4324 / TALOS-CAN-0126, a Use After Free vulnerability within the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens…
Vulnerability Spotlight: Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability
Piotr Bania of Cisco Talos is credited with the discovery of this vulnerability. Cisco Talos, in conjunction with Apple’s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel drive…
Vulnerability Spotlight: MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Post authored by Earl Carter and William Largent Talos is disclosing the discovery of an exploitable buffer overflow vulnerability in the the MiniUPnP library TALOS-2015-0035 (CVE-2015-6031). The buffer overflow is present in client-sid…
Vulnerability Spotlight: Microsoft Windows CDD Font Parsing Kernel Memory Corruption
Discovered by Andrea Allievi and Piotr Bania of Cisco Talos. Talos, in conjunction with Microsoft’s security advisory issued on September 8th, is disclosing the discovery of a memory corruption vulnerability within the Microsoft Windows CDD Font Parsing Kernel Driver. This vulnerability was i…
Vulnerability Spotlight: Apple Quicktime Corrupt stbl Atom Remote Code Execution
This post was authored by Rich Johnson, William Largent, and Ryan Pentney. Earl Carter contributed to this post. Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th, is disclosing the discovery of a remote code execution vulnerability within Apple Quicktime. This vulnerab…
1