Rewterz Threat Advisory – Mozilla Firefox Multiple Vulnerabilities
March 20, 2019
Rewterz Threat Alert – Cardinal RAT Resurfaces with Fresher Attacks
Severity
High
Analysis Summary
The following vulnerabilities were among the most heavily exploited in 2018. Patches or updated versions were available for all of them, yet many users never applied the updates and were attacked by threat actors throughout 2018.
- CVE-2018-8174: a remote code execution vulnerability in the way the VBScript engine handles objects in memory. A crafted script corrupts memory and lets the attacker execute code in the context of the current user; if that user is logged in as an administrator, the attacker can take control of the system. It has been exploited in multiple attacks, including zero-day attacks and the Cobalt bank-robbery campaign.
- CVE-2017-11882: a vulnerability in Microsoft's Equation Editor (EQNEDT32.EXE), a component whose binary dates from November 2000. Microsoft patched it by editing the binary directly rather than fixing the source code, and the flaw is now being exploited by the Cobalt group. It has also been exploited in Betabot malware attacks and in the GhostDNS campaign, in which trusted binaries were abused together with DLL hijacking and code injection.
- CVE-2017-0199: the Microsoft Office/WordPad remote code execution vulnerability abuses a logic flaw in how Word handles linked OLE objects. It surfaced in 2016 in attacks that used Word documents as carriers: an object embedded in the document fetched a remote payload (an HTA file, which Windows then executed through its HTA handler) from the web. The vulnerability has been exploited in multiple zero-day attacks using Microsoft Office documents.
- CVE-2016-0189: a scripting engine memory corruption vulnerability in Internet Explorer 11 that has been exploited by exploit kits including GrandSoft, KaiXin, Magnitude, RIG and Underminer.
- CVE-2017-8570: a Microsoft Office remote code execution vulnerability caused by the way Office handles objects in memory.
- CVE-2018-8373: a remote code execution vulnerability in the way the Internet Explorer scripting engine handles objects in memory. Attacks deliver specially crafted web pages through social engineering. The vendor has released patched versions.
- CVE-2012-0158: a buffer overflow in the ListView/TreeView ActiveX controls of the MSCOMCTL.OCX library. It is triggered by a specially crafted DOC or RTF file opened in Microsoft Office 2003, 2007 or 2010. Although Microsoft patched it immediately, many users never applied the update.
- CVE-2015-1805: a privilege-escalation vulnerability in the Linux kernel's pipe implementation that affects Android devices; it has been exploited to gain root on devices and distribute the AndroRAT malware.
- CVE-2017-8750: a memory corruption vulnerability in Microsoft's browser scripting engines (Internet Explorer and Edge) that has been exploited through Microsoft Office documents to distribute Formbook, Loki and QuasarRAT.
- CVE-2018-4878: a use-after-free vulnerability in Adobe Flash Player that has been used by the Fallout, GreenFlash and Sundown exploit kits and the ThreadKit exploit builder, and to deliver Hermes ransomware.
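The two Office entries above, CVE-2017-11882 and CVE-2017-0199, both arrive as RTF or Word documents carrying an embedded OLE1 object: an Equation.3 object for the former and an OLE2Link object for the latter. The triage script below is an added example written for this page, not code from Rewterz or from any vendor. It extracts the hex-encoded \objdata streams of an RTF file, reads the OLE1 class name from the stream header, and flags those two class names together with the \objupdate control word that makes Word refresh the object on open. The sample RTF it scans is constructed inline; the mapping of class names to CVEs is the editor's. Legitimate documents can embed Equation Editor objects, and real exploit documents often obfuscate the hex stream with interleaved control words, so treat a hit as a reason to look closer, not as proof of exploitation.

```python
import re
import struct

# OLE1 class names worth a second look, mapped to the advisory entry they
# are the usual carrier for (editor's mapping, not from the advisory).
SUSPECT_CLASSES = {
    "Equation.3": "Equation Editor object, carrier for CVE-2017-11882",
    "OLE2Link": "OLE2 link object, carrier for CVE-2017-0199",
}

# \objdata is followed by a run of hex digits, possibly broken across lines.
_OBJDATA_RE = re.compile(r"\\objdata\s*([0-9A-Fa-f\s]+)")
# \objclass names the object's class in clear text.
_OBJCLASS_RE = re.compile(r"\\objclass\s+([^}\\]+)")
# \objupdate tells Word to refresh the object when the document is opened.
_OBJUPDATE_RE = re.compile(r"\\objupdate\b")


def _ole1_class_name(blob: bytes):
    """Return the class name from an OLE1 object stream header, or None.

    Header layout (little-endian): OLEVersion (4 bytes, 0x00000501),
    FormatID (4 bytes, 1 = linked, 2 = embedded), ClassName length (4 bytes),
    then the NUL-terminated ANSI class name.
    """
    if len(blob) < 12:
        return None
    version, fmt, name_len = struct.unpack_from("<III", blob, 0)
    if version != 0x00000501 or fmt not in (1, 2) or not 0 < name_len <= 256:
        return None
    name = blob[12:12 + name_len]
    if len(name) != name_len:
        return None
    return name.rstrip(b"\x00").decode("ascii", errors="replace")


def triage_rtf(rtf_text: str):
    """Scan RTF text for suspicious OLE object indicators.

    Returns a list of (indicator, detail) tuples; an empty list means
    nothing of interest was found.
    """
    findings = []
    for m in _OBJCLASS_RE.finditer(rtf_text):
        cls = m.group(1).strip()
        if cls in SUSPECT_CLASSES:
            findings.append(("objclass", cls))
    for m in _OBJDATA_RE.finditer(rtf_text):
        hexdata = re.sub(r"\s+", "", m.group(1))
        if len(hexdata) % 2:          # tolerate a truncated trailing nibble
            hexdata = hexdata[:-1]
        cls = _ole1_class_name(bytes.fromhex(hexdata))
        if cls in SUSPECT_CLASSES:
            findings.append(("objdata", cls))
    if _OBJUPDATE_RE.search(rtf_text):
        findings.append(("objupdate", "object set to refresh on open"))
    return findings


def _ole1_stream(class_name: str, payload: bytes) -> bytes:
    """Build a minimal OLE1 embedded-object stream (constructed test data)."""
    name = class_name.encode("ascii") + b"\x00"
    return (struct.pack("<III", 0x501, 2, len(name)) + name
            + struct.pack("<II", 0, 0)            # empty TopicName / ItemName
            + struct.pack("<I", len(payload)) + payload)


# Constructed sample: an RTF with an embedded Equation.3 object set to
# auto-update, the shape a CVE-2017-11882 lure takes. Not a real sample.
SAMPLE_RTF = (
    r"{\rtf1\ansi{\object\objemb\objupdate{\*\objclass Equation.3}{\*\objdata "
    + _ole1_stream("Equation.3", b"\x00" * 16).hex()
    + "}}}"
)

# Constructed benign document for comparison.
BENIGN_RTF = r"{\rtf1\ansi Hello from a plain document.}"


if __name__ == "__main__":
    for kind, detail in triage_rtf(SAMPLE_RTF):
        print(f"{kind}: {detail} ({SUSPECT_CLASSES.get(detail, '')})")
```

Run it against a directory of mail attachments by reading each .rtf or .doc file as latin-1 text and passing it to triage_rtf; the OLE1 parser is the part that matters, because the clear-text \objclass name is optional and is the first thing an attacker drops.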
Impact
Remote Code Execution
Memory Corruption
DLL Hijacking
Malware delivery (multiple families)
Exploit kit integration
Affected Vendors
Microsoft
Google
Adobe
Affected Products
Internet Explorer
Flash Player
Microsoft Office
Android
Remediation
Most of these vulnerabilities continued to be exploited long after patches were available because users failed to update the affected products. Apply the vendor patches for all of the vulnerabilities listed above, or update the affected products to the latest available version.