Microsoft Edge is the most commonly used web browser among the Windows user. It is the default browser in Windows. So, it is not strange if an attacker tries to hack the Commonly used web browser. Vulnerability Details: “An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory.” … Continue reading “Microsoft Edge based on Edge HTML Information Disclosure Vulnerability”
Tag: Information Disclosure
Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)
Summary: In the month of February,2020, among MSPT, Windows Modules Installer Service improperly discloses file information., resulting into an information disclosure vulnerability. Description: Logging onto an affected system and run a crafted application would lead to this information disclosure vulnerability. The TrustedInstaller service running on the Microsoft Windows operating system hosts a COM service called … Continue reading “Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0728)”
Microsoft XML Information Disclosure Vulnerability – CVE-2017-0022
Introduction: An Information disclosure vulnerability was found in the Microsoft XML services, the vulnerability can be exploited to detect files on target machines. The bug is fixed in MS17-022. The exploit uses an XMLDOM object to call res (Microsoft HTML Resource pluggable protocol) URL protocol. By default the support for res protocol is disabled so if you open … Continue reading “Microsoft XML Information Disclosure Vulnerability – CVE-2017-0022”
Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability
Introduction: Recently, IoT devices have been used to create large-scale botnet of devices that can execute crippling distributed denial-of-service (DDoS) attacks. Because many IoT devices are unsecured or weakly secured, which allows the bot to access hundreds of thousands of devices. The IoT devices affected in the latest incidents were primarily home routers, network-enabled cameras, … Continue reading “Netgear DGN2200, DGND3700 and WNDR4500 Sensitive Information Disclosure Vulnerability”
IE Information Disclosure 0-day used in Malvertising campaigns and Neutrino EK
Introduction: The success of an exploit kit depends on many parameters infecting effective targets, avoiding honeypots, sandboxes and researchers who are always on the lookout for new exploit kits and expose it to world. An exploit kit that is stealthy will have a longer life time and gains more reputation. This is reflected in an EK’s capability … Continue reading “IE Information Disclosure 0-day used in Malvertising campaigns and Neutrino EK”