Latest Advisories Notable Vulnerabilities

  • Arbitrary Memory Read in Libxslt (CVE-2012-2825)
     Advisory Date:  21 July 2015
    This vulnerability, assigned CVE-2012-2825, is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
  • This vulnerability is assigned CVE-2015-2426 and is described as follows:

    Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

  • Arbitrary Memory Read in Libxslt (CVE-2012-2871)
     Advisory Date:  21 July 2015
    This vulnerability is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations by cybercriminals. Based on our investigation, one of the methods attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
  • Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
     Advisory Date:  16 July 2015
    The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
  • Oracle Java SE Remote Code Execution Vulnerability (CVE-2015-2590)
     Advisory Date:  14 July 2015

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

    Trend Micro researcher Brooks Li disclosed details about this vulnerability to Oracle, which acknowledged Li’s research contribution.

  • Microsoft addresses the following vulnerabilities in its batch of patches for July 2015:

    • (MS15-058) Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
      Risk Rating: Important

      This security update resolves vulnerabilities in several versions of Microsoft SQL Server. These vulnerabilities, when exploited, may allow remote code execution.


    • (MS15-065) Security Update for Internet Explorer (3076321)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in several versions of Internet Explorer installed on various Windows operating systems. The vulnerabilities could allow remote code execution if exploited successfully by an attacker.


    • (MS15-066) Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
      Risk Rating: Critical

      This security update resolves a vulnerability in the Windows VBScript Scripting Engine. Users who are logged on to a vulnerable system with administrator rights are most affected by attacks leveraging this vulnerability.


    • (MS15-067) Vulnerability in RDP Could Allow Remote Code Execution (3073094)
      Risk Rating: Critical

      This security update resolves several vulnerabilities in Windows operating systems that have Remote Desktop Protocol (RDP) enabled. When exploited successfully, they could allow remote attackers to execute code on the vulnerable system.


    • (MS15-068) Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
      Risk Rating: Critical

      This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker must have valid logon credentials on a guest Hyper-V machine in the vulnerable system in order to successfully exploit this vulnerability.


    • (MS15-069) Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
      Risk Rating: Important

      This security bulletin provides updates for several vulnerabilities in Windows. The vulnerabilities could allow remote code execution on the vulnerable system. An attacker uses a specially crafted .DLL file to exploit these vulnerabilities.


    • (MS15-070) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
      Risk Rating: Important

      This security update resolves several vulnerabilities in Microsoft Office, the most severe of which could allow remote code execution. Users who are logged on to the vulnerable system with administrator rights are more exposed to the risks of these vulnerabilities.


    • (MS15-071) Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
      Risk Rating: Important

      This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker must have access to a primary domain controller (PDC) in order to successfully exploit this vulnerability.


    • (MS15-072) Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
      Risk Rating: Important

      This security update resolves an elevation of privilege vulnerability in Microsoft Windows. It corrects the way the Windows Graphics Component handles bitmap conversions.


    • (MS15-073) Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
      Risk Rating: Important

      This security update resolves an elevation of privilege vulnerability in Microsoft Windows. An attacker exploits this vulnerability by running a specially crafted application on the vulnerable system.


    • (MS15-074) Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
      Risk Rating: Important

      This security update resolves an elevation of privilege vulnerability in Microsoft Windows Installer service. The vulnerability lies in the way the Installer service improperly handles custom action scripts.


    • (MS15-075) Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
      Risk Rating: Important

      This security update resolves several vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if exploited one after the other.


    • (MS15-076) Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows Remote Procedure Call (RPC) authentication. When exploited successfully, an attacker may elevate their privileges on the vulnerable system.


    • (MS15-077) Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
      Risk Rating: Important

      This security update resolves a vulnerability in Microsoft Windows. When exploited successfully, an attacker may elevate their privileges on the vulnerable system.


  • Adobe Flash Player Vulnerability (CVE-2015-5122)
     Advisory Date:  12 July 2015

    This is a zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. The bug is a Use-After-Free vulnerability involving the methods TextBlock.createTextLine() and TextBlock.recreateTextLine(textLine). If exploited, it could result in a crash that would allow an attacker to take control of the vulnerable system.

    As of this writing, only a proof-of-concept exists; we are continuously monitoring to see if this has been exploited in the wild.

  • Adobe Flash Player Vulnerability (CVE-2015-5123)
     Advisory Date:  12 July 2015
    This is the third zero-day vulnerability disclosed from the Hacking Team leak. It affects all versions of Flash Player for Windows, Mac, and Linux. Once successfully exploited, it could cause a crash and may allow an attacker to take control of the affected system, thus compromising its security. Trend Micro detects this as SWF_EKSPLOYT.EDF.
  • A certificate forgery security bypass has been reported in OpenSSL. This is due to incorrectly implemented certificate verification in OpenSSL. An attacker could use a crafted certificate to bypass certain checks. Successful exploitation could allow a remote attacker to bypass intended access restrictions.
  • Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-0349)
     Advisory Date:  08 July 2015
    Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.