vulnerability | Page 2


Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader, identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch for both on October 6, 2016.
CVE-2016-6939
This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow. It is triggered by a crafted PDF file that causes an out-of-bounds memory access, the result of an improper bounds check while manipulating an array pointer. The specific vulnerability exists... [Read More]
by Kai Lu and Kushal Shah  |  Oct 21, 2016  |  Filed in: Security Research
Summary
At the beginning of this year, I discovered and reported a Cross-Site Scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM). This month IBM released a security bulletin that contains the fix for this vulnerability. In this blog, I want to share the details of this vulnerability.
How to Reproduce
To reproduce this vulnerability, you can follow the steps below: Sign into CLM with a user account, such as "chbest2", that has the "JazzAdmins" permission. Then create a new user... [Read More]
by Honggang Ren  |  Oct 17, 2016  |  Filed in: Security Research
August ended with the spike in malware activity we predicted last week to welcome everyone back to school and work. Here is a summary of this week's FortiGuard Threat Intelligence Brief. 1. Ransomware explodes. Ransomware took off this week, filling nine of the ten slots on our weekly top malware detection list. Not only that, but while last week our top five detections amounted to about 2.5 million attempted ransomware infections, this week the top five totaled over 15.5 million ransomware attempts. That is more than a 6X increase in a single... [Read More]
by Bill McGee  |  Sep 02, 2016  |  Filed in: Industry Trends & News
The Network Time Protocol Daemon (NTPD) from NTP.org runs on *nix operating systems. It sets and maintains system time in synchronization with internet standard time servers or local reference clocks. NTPD ships with many major server operating systems, routers, and infrastructure devices. CVE-2016-4957 is a high-severity vulnerability in NTPD. It causes a segmentation fault that terminates the daemon. If the NTP service stops, it can affect many time-sensitive programs, such as database operations and server groups that need NTP... [Read More]
by Dehui Yin  |  Jun 20, 2016  |  Filed in: Security Research
In this second article of the series, we analyze two recent vulnerabilities in ISC BIND, identified as CVE-2016-1286 and CVE-2016-2088. Based on the advisories, these bugs can be triggered using a malformed DNAME record (CVE-2016-1286) or an OPT COOKIE record (CVE-2016-2088). The two bugs share the same attack scenario: they can only be triggered when a BIND server makes a request and then receives a malformed response. Given this requirement, recursive servers are at the highest risk from this attack, because it is not straightforward to ask an authoritative-only... [Read More]
by Amir Zali  |  Apr 01, 2016  |  Filed in: Security Research
A couple of days ago the Internet Systems Consortium released a new patch (version 9.10.3-P4) to fix several issues in the most popular DNS server software in the world. The release notes are available at https://kb.isc.org/article/AA-01363/81/BIND-9.10.3-P4-Release-Notes.html In this series of two articles, we will detail our investigation of these vulnerabilities and how we were able to protect our customers by widely deploying our detection. ISC released a patch for the BIND rndc control channel DoS vulnerability (CVE-2016-1285).... [Read More]
by Dehui Yin  |  Mar 29, 2016  |  Filed in: Security Research
You missed Insomni'hack? You shouldn't have: although there are now something like 700 attendees, it's still a friendly and well organized hacking conference with an interesting mix between wild hackers, CTOs, and CISOs (some being hackers and CISOs at the same time ;). As usual when there are several tracks, you end up with the difficult dilemma of which talks to attend. That's what happened to me when I had to choose between a talk on connected medical devices (close to my own research topics, but probably not very technical)... [Read More]
by Axelle Apvrille  |  Mar 25, 2016  |  Filed in: Industry Trends & News
Summary
This month Microsoft patched two vulnerabilities that I discovered and reported: one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide an in-depth analysis of CVE-2016-0059. The vulnerability exists because the Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability... [Read More]
by Kai Lu  |  Feb 19, 2016  |  Filed in: Security Research
A few days ago, Oracle announced on their blog that they plan to kill the Java browser plugin in the next major version of the JDK, scheduled for release in Q1 2017. What does this mean? Should we worry about our browsing experience? It really just means that it will no longer be possible to run Java applets in the browser. The infamous "applet" is a technology developed by Sun Microsystems in the 1990s; Sun was later acquired by Oracle. This technology was still popular in many exploit kits over the... [Read More]
by David Maciejak  |  Feb 05, 2016  |  Filed in: Industry Trends & News
Two months ago, a Java zero-day vulnerability (CVE-2015-4852) that targeted the Apache Commons Collections library was disclosed. The vulnerability arises when Java applications that use the Apache Commons Collections library deserialize objects from untrusted network sources. Let's take a look: Our Fortinet IPS team immediately created a signature, "Apache.Commons.Collection.InvokerTransformer.Code.Execution", in order to protect our customers, and continues to monitor. Over the last 2 months, since creating the initial... [Read More]
by Dehui Yin  |  Feb 04, 2016  |  Filed in: Security Research