Latest Advisories Notable Vulnerabilities

  • Android Mediaserver Vulnerability (CVE-2015-3823)
     Advisory Date:  04 August 2015

    Trend Micro researchers discovered this vulnerability in Android devices that could potentially allow attackers to perform Denial of Service (DoS) attacks once successfully exploited. It affects Android versions 4.0.1 Jelly Bean to 5.1.1 Lollipop.

    Attackers need to trick users into installing a malicious app or visiting a malicious website for the exploit to reach their devices.

  • "Stagefright" Android vulnerability (CVE-2015-3824)
     Advisory Date:  31 July 2015

    This Android vulnerability, known as “Stagefright”, can be leveraged by attackers to install malware on Android devices via a multimedia message (MMS). It affects versions of Android from 4.0.1 to 5.1.1. The vulnerability, designated CVE-2015-3824, resides in the mediaserver component, which handles open media files.

  • Mozilla Firefox Vulnerability (CVE-2015-0817)
     Advisory Date:  30 July 2015

    This flaw allows remote attackers to read or write to memory, thus allowing the execution of arbitrary code via crafted JavaScript. As such, it compromises the security of the system.

  • This zero-day vulnerability, which emerged in the Hacking Team leak, could allow attackers to take remote control of the affected system when exploited successfully. In addition, affected systems can potentially be infected with rootkits and bootkits.
  • Adobe Flash Player Vulnerability (CVE-2015-3104)
     Advisory Date:  27 July 2015
    This Adobe Flash vulnerability is used by the Angler Exploit Kit as the starting point of an infection chain that spreads Point-of-Sale (PoS) reconnaissance malware. Trend Micro detects this PoS malware as TROJ_RECOLOAD.A, which checks whether the infected system is a PoS machine or part of a PoS network.
  • Arbitrary Memory Read in Libxslt (CVE-2012-2825)
     Advisory Date:  21 July 2015
    This vulnerability, assigned CVE-2012-2825, is related to the Hacking Team leak, which exposed the RCSAndroid code. This malicious code could potentially enable surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to recipients via SMS or email.
  • This vulnerability is assigned CVE-2015-2426 and is described as follows:

    Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

  • Arbitrary Memory Read in Libxslt (CVE-2012-2871)
     Advisory Date:  21 July 2015
    This vulnerability is related to the Hacking Team leak, which exposed the RCSAndroid code. This malicious code could potentially enable surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to recipients via SMS or email.
  • Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
     Advisory Date:  16 July 2015
    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.