Latest Advisories Notable Vulnerabilities

  • Samba Remote Code Execution Vulnerability (CVE-2015-0240)
     Severity: :    
     Advisory Date:  08 March 2015
    The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.
  • Openssl RSA Downgrade Vulnerability (CVE-2015-0204)
     Severity: :    
     Advisory Date:  04 March 2015
    The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
  • Unspecified Vulnerability in Oracle Java (CVE-2014-0417)
     Severity: :    
     Advisory Date:  13 February 2015

    This vulnerability allows attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D thus compromising the security of the system. It affects Oracle Java SE 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45.

    Trend Micro was credited by Oracle for disclosing details about this vulnerability.

  • Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS15-009) Security Update for Internet Explorer (3034682)
    Risk Rating: Critical

    This security update resolves one publicly disclosed and forty privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.


  • (MS15-010) Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
    Risk Rating: Critical

    This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts.


  • (MS15-011) Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
    Risk Rating: Critical

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user with a domain-configured system to connect to an attacker-controlled network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  • (MS15-012) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
    Risk Rating: Important

    This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.


  • (MS15-013) Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
    Risk Rating: Important

    This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.


  • (MS15-014) Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker, by way of a man-in-the-middle attack, causes the Group Policy Security Configuration Engine policy file on a targeted system to become corrupted or otherwise unreadable.


  • (MS15-015) Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to leverage the lack of impersonation-level security checks to elevate privileges during process creation. An authenticated attacker who successfully exploited this vulnerability could acquire administrator credentials and use them to elevate privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.


  • (MS15-016) Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing a specially crafted TIFF image. This vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.


  • (MS15-017)Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Virtual Machine Manager (VMM). The vulnerability could allow elevation of privilege if an attacker logs on an affected system. An attacker must have valid Active Directory logon credentials and be able to log on with those credentials to exploit the vulnerability.


  • Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability
     Severity: :    
     Advisory Date:  04 February 2015
    A flaw exists in Internet Explorer that allows a malicious web page to inject JavaScript code into a third-party frame, bypassing the Same-Origin Policy (SOP). This could allow an attacker to hijack sessions with third-party web sites.
  • Adobe Flash Player Unspecified Vulnerability (CVE-2015-0313)
     Severity: :    
     Advisory Date:  02 February 2015

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015.

    Trend Micro researcher Peter Pi discovered and disclosed details about this vulnerability to Adobe. The said company acknowledged Pi's research contribution.

  • GNU C Library gethostbyname Buffer Overflow Vulnerability (CVE-2015-0235)
     Severity: :    
     Advisory Date:  28 January 2015
    This vulnerability, dubbed as "Ghost," is found in the GNU C Library (also known as glibc). It can be employed by attackers to execute arbitrary code on various Linux operating systems.
  • GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
     Severity: :    
     Advisory Date:  28 January 2015
    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
  • Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0310)
     Severity: :    
     Advisory Date:  27 January 2015
    Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
  • Adobe Flash Player Buffer Overflow Vulnerability (CVE-2015-0311)
     Severity: :    
     Advisory Date:  23 January 2015
    Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. For more details please check TrendLabs Security Intelligence Blog http://blog.trendmicro.com/trendlabs-security-intelligence/flash-greets-2015-with-new-zero-day/