Kaspersky Lab Kaspersky Lab is proud to announce the availability of its Machine-Readable Threat Intelligence Platform, part of the Kaspersky Security Intelligence Services product range.
Monthly Archives: September 2016
Kaspersky Lab Has Patented Technology that Detects Man-in-the-Browser Attacks
Kaspersky Lab has been awarded a new patent for a technology that counteracts the tricks of financial cybercriminals.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4274; CVE-2016-4274)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4285; CVE-2016-4285)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4283; CVE-2016-4283)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4282; CVE-2016-4282)
A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Use After Free (APSB16-29: CVE-2016-4279; CVE-2016-4279)
This vulnerability is an instance of a use after free vulnerability. A constraint for exploitation of this vulnerability is that the memory area of the freed object is reused by another object. The mismatch between the old and the new object can provide attacker with an unintended memory access potentially leading to code corruption.
ManageEngine OpManager APMIntegBusinessViewHandler OPM_BVNAME SQL Injection
This vulnerability is due to insufficient validation of the OPM_BVNAME parameter when processing requests sent to APMIntegBusinessViewHandler servlet. A remote, unauthenticated attacker could exploit this vulnerability by sending a web request with a malicious SQL query to the target server. Successful exploitation could lead to arbitrary code execution in the security context of SYSTEM.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4284; CVE-2016-4284)
A memory corruption vulnerability exist in Adobe Flash Player. The vulnerability is caused by a crafted SWF file which causes an out of bounds memory access. A remote attacker can exploit this issue in order to trigger an access violation exception.
IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)
A denial-of-service vulnerability has been reported in IBM WebSphere Application Server. The vulnerability is due to improper validation of SIP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SIP messages to the target server. Successful exploitation results in a denial-of-service condition.