Ubuntu Security Notice USN-3235-1

Ubuntu Security Notice 3235-1 – It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Microsoft Windows "LoadUvsTable()" Buffer Overflow Vulnerability

Posted by Hossein Lotfi on Mar 16

Hello,

The details of this vulnerability can be found here if interested:

http://blogs.flexerasoftware.com/secunia-research/2016/12/microsoft_windows_loaduvstable_heap_based_buffer_overflow_vulnerability.html

Microsoft initially tried to fix the issue in MS16-147, but the fix was
incomplete and the issue remained unpatched until Microsoft's March 2017 patch
release.

https://twitter.com/hosselot/status/809059287037251584

It appears MS17-013…

Windows DVD Maker XML External Entity File Disclosure

Posted by hyp3rlinx on Mar 16

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
=================
Windows DVD Maker
v6.1.7

Windows DVD Maker is a feature you can use to make DVDs that you can watch
on a computer or on a TV using a regular DVD player….

Axis Camera Multiple Vulnerabilities

Posted by David Wearing on Mar 16

Introduction
============

Vulnerabilities were identified in the camera software by Axis. These were
discovered during a black box assessment and therefore the vulnerability
list should not be considered exhaustive; observations suggest that it is
likely that further vulnerabilities exist.

Affected Software And Versions
==============================

Model P1204, software versions <= 5.50.4

Model P3225, software versions <= 6.30.1…

USB Pratirodh XML External Entity Injection Vulnerability

Posted by Sachin Wagh on Mar 16

Vulnerability Title: USB Pratirodh XML External Entity Injection
Vulnerability
Affected Product: USB Pratirodh
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : CVE-2017-6895
Severity: Medium
Class: XXE [CWE-611]
Impact: XML External Entity, Information Disclosure, Denial Of Service
Author: Sachin Wagh (@tiger_tigerboy)

*Description:*

USB Pratirodh is prone to an XML External Entity injection vulnerability.
XXE…

USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability

Posted by Sachin Wagh on Mar 16

Vulnerability Title: USB Pratirodh Insecure Password Storage Information
Disclosure Vulnerability
Affected Product: USB Pratirodh
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : CVE-2017-6911
Severity: Medium

*Description:*

USB Pratirodh is prone to sensitive information disclosure. It stores
sensitive information such as the username and password hash in the usb.xml file.
An attacker with physical access to the system can…

Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)

Posted by Sachin Wagh on Mar 16

Vulnerability Title: Skype Insecure Library Loading Vulnerability
(api-ms-win-core-winrt-string-l1-1-0.dll)
Affected Product: Skype
Vendor Homepage: https://www.microsoft.com/en-us/
MSRC Case 32355 TRK:0001002846
CVE-ID : CVE-2017-6517
Severity: Medium

*Description:*

Microsoft Skype contains a DLL hijacking vulnerability that could allow an
unauthenticated attacker to execute arbitrary code on the targeted system.
This vulnerability exists due…

Partner or perish: Why SMBs need MSPs

We were surprised by a recent research report that found enterprises are moving more quickly to managed security service providers (57 percent to provide 24×7 IT systems monitoring, 45 percent for threat detection and intelligence, and 41 percent for technology assessment and analysis). The results were surprising because SMBs are facing even more threats than enterprises, and they have fewer resources – tools, skills, and personnel.