The Task Scheduler can be made to delete a task after its trigger has expired. No check is made to ensure the task file is not a junction, which allows arbitrary files to be deleted by the system user, leading to EoP.
Monthly Archives: September 2015
Windows NtUserGetClipboardAccessToken Token Leak Redux
The NtUserGetClipboardAccessToken win32k system call exposes the access token of the last user to lower-privileged users. It can also be used to open an anonymous impersonation thread token, which OpenThreadToken normally shouldn’t be able to do. This is a bypass of the fix for CVE-2015-0078.
Microsoft Office 2007 OGL.dll ValidateBitmapInfo Bounds Check Failure
A bounds check crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.
Shade Among Top Three Encryptors in Russia; Delivered via Spam, Exploit Kits – SC Magazine
To Catch Ransomware Suspects, Dutch Police Relied on a Russian Security Firm – Motherboard
Under DDoS Attack? Look for Something Worse – Network World
Microsoft Office Excel 2007, 2010, 2013 Use-After-Free With BIFFRecord
Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability.
CVE-2015-6939
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7243
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.