Category Archives: IBM

Microsoft Windows OLE code execution

This vulnerability is in the Microsoft Windows OLE package manager. One of the common exploit paths witnessed is delivery via a PowerPoint Show file (the .PPTS extension) that renders objects outside the viewable area, which are capable of executing arbitrary code on an impacted system (Windows 2012 Server, Windows Vista, Windows 7 and Windows 8).

GNU Bash environment variables command execution

GNU Bash could allow a remote attacker to execute arbitrary commands on the system, caused by a vulnerability in the code that evaluates specially crafted environment variables. An attacker could exploit this vulnerability to inject and execute arbitrary shell commands on the system. IBM X-Force is aware of Internet-wide scanning and exploitation attempts targeting this vulnerability.

OpenSSL heartbeat information disclosure

A serious vulnerability in the popular open source cryptographic library OpenSSL has been disclosed, and Proof-of-Concept (POC) exploit code is publicly available. This affects deployments using the 1.0.1 and 1.0.2-beta releases with the TLS heartbeat extension enabled. Successful exploitation allows an attacker to remotely read system memory contents without even needing to log on to the server. It is highly advised to update all affected products as soon as a patch for the particular product is available and to proactively get updates from the affected vendors.