Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Mozilla Firefox Multiple Vulnerabilities
March 20, 2019Rewterz Threat Alert – Cardinal RAT Resurfaces with Fresher Attacks
March 20, 2019
Severity
High
Analysis Summary
Following vulnerabilities are known to have been exploited the most in 2018. Despite available patches or updated versions, most users failed to apply the updates and were reportedly attacked by threat actors in 2018.
- CVE-2018-8174, a remote code execution vulnerability that exists in the way that the VBScript engine handles objects in memory. This may cause memory corruption and will lead to code execution in the context of current user. If the user is logged in as an administrator, attackers can also gain system access.
It has been exploited in multiple attacks like 0-day exploits and Cobalt bank robbers attack. - CVE-2017-11882, A vulnerability in the Microsoft’s equation editor (EQNEDT32.EXE) prevalent since November 2000 was identified as CVE-2017–11882 and was patched by Microsoft manually. The bug was not fixed in the source code which is now being exploited by the Cobalt hackers. It has also been exploited in Betabot malware attacks andGhostDNS campaignin which Trusted binaries were abused, along with DLL Hijacking and Code Injection.
- CVE-2017-0199, the MS Office/WordPad remote code execution vulnerability makes use of a logic flaw in MS Word. It popped up in 2016 when an attack was launched using word files as carriers. Something embedded in the files was able to fetch remote malware from the web. The vulnerability has been exploited in multiple zero-day attacks using Microsoft Office documents.
- CVE-2016-0189, scripting engine memory corruption vulnerability in Internet Explorer 11 has been exploited to deliver Grandsoft exploit kit, KaiXin Exploit kit, Magnitude exploit kit, RIG exploit kit, underminer exploit kit, etc.
- CVE-2017-8570 : Microsoft Office allows a remote code execution vulnerability due to the way it handles objects in memory.
- CVE-2018-8373: The scripting engine when handling objects in memory in the Internet Explorer is vulnerable to a Remote Code Execution attack. The attacks involve specially crafted web pages promoted through social engineering. Patched versions have been released by the vendor.
- CVE-2012-0158: It’s a buffer overflow vulnerability in the ListView / TreeView ActiveX controls in the MSCOMCTL.OCX library. The malicious code can be triggered by a specially crafted DOC or RTF file for MS Office versions 2003, 2007 and 2010. Although this vulnerability was patched by Microsoft immediately, most users did not bother to apply the updates.
- CVE-2015-1805: It’s an Android vulnerability exploited to distribute the AndroRAT malware.
- CVE-2017-8750: It’s a vulnerability exploited through Microsoft Office documents to distribute Formbook, Loki and QuasarRAT.
- CVE-2018-4878: It’s a vulnerability in Adobe Flash Player used to distribute Fallout exploit kit, GreenFlash Explloit kit, Hermes Ransomware, Sundown Exploit kit and threadkit exploited kit.
Impact
Remote Code Execution
Memory Corruption
DLL Hijacking
Multiple Malware injection
Multiple Exploit kits
Affected Vendors
Microsoft
Google
Adobe
Affected Products
Internet Explorer
Flashplayer
Microsoft Office
Android
Remediation
Most of these vulnerabilities have been exploited despite available patches because users failed to update the affected products. It is strongly recommended to apply patches for all the above mentioned vulnerabilities or update these products to the latest up-to-date version available.