A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file.
Monthly Archives: March 2017
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0140)
A security feature bypass vulnerability exists in Microsoft Edge. The vulnerability is due to a breach in the way Microsoft Edge implements SOP (Same Origin Policy) for HTML elements present in other browser windows. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0026)
An elevation of privilege vulnerability exists in Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application.
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0015)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way the JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
A remote code execution vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1). The vulnerability is due to the way the SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server.
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0020)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
jasper-1.900.13-3.fc25
Security fix for CVE-2016-8654
Security fix for CVE-2016-9262
jasper-1.900.13-3.fc24
Security fix for CVE-2016-8654
Security fix for CVE-2016-9262
USN-3226-1: icoutils vulnerabilities
Ubuntu Security Notice USN-3226-1
13th March, 2017
icoutils vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
icoutils could be made to crash or run programs as your login if it opened
a specially crafted file.
Software description
- icoutils – Create and extract MS Windows icons and cursors
Details
Jerzy Kramarz discovered that icoutils incorrectly handled memory when
processing certain files. If a user or automated system were tricked into
opening a specially crafted file, an attacker could cause icoutils to
crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - icoutils 0.29.1-2ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-3227-1: ICU vulnerabilities
Ubuntu Security Notice USN-3227-1
13th March, 2017
icu vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in ICU.
Software description
- icu – International Components for Unicode library
Details
It was discovered that ICU incorrectly handled certain memory operations
when processing data. If an application using ICU processed crafted data,
a remote attacker could possibly cause it to crash or potentially execute
arbitrary code with the privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.10:
  - libicu57 57.1-4ubuntu0.1
- Ubuntu 16.04 LTS:
  - libicu55 55.1-7ubuntu0.1
- Ubuntu 14.04 LTS:
  - libicu52 52.1-3ubuntu0.5
- Ubuntu 12.04 LTS:
  - libicu48 4.8.1.1-3ubuntu0.7
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.