Adobe patched 59 vulnerabilities across five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App on Tuesday.
Monthly Archives: April 2017
Microsoft Patches Word Zero-Day Spreading Dridex Malware
A Microsoft Word zero-day vulnerability is being used to spread the Dridex banking Trojan in attacks that have bypassed mitigation efforts.
CVE-2016-4483
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
CVE-2017-5969
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states “I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.”
CVE-2016-0779
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.
How The Denver Police Crack And Search Cell Phones
Microsoft Patches Serious Word Bug Targeted By Scammers
US Disrupts Giant Botnet Used For Spam And Ransomware
Travel Routers Are A Hot Mess Of Security Flaws
CVE-2016-5011
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.