VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373

A use-after-free (UAF) vulnerability has been discovered in the Windows VBScript engine. Upon successful exploitation an attacker can achieve remote code execution on the target. CVE-2018-8373 has been assigned to track this vulnerability. CVE-2018-8373 is being exploited in the wild similar to CVE-2018-8174. The issue affects Internet explorer 9-11 unless VBScript is disabled by default. … Continue reading “VBScript Engine Use-After-Free Vulnerability : CVE-2018-8373”

Internet Explorer VBScript Use-After-Free Vulnerability: CVE-2018-8174

A Zero-Day vulnerability in VBScript was disclosed to Microsoft. The vulnerability was discovered as an active attack in the wild. The bug is in the VBScript engine used in Windows. Its classified as a Use-After-Free (UAF) vulnerability. CVE-2017-8174 is assigned to track this bug. Currently attackers are exploiting this vulnerability to execute shellcode and PowerShell … Continue reading “Internet Explorer VBScript Use-After-Free Vulnerability: CVE-2018-8174”

Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878

A Zero Day vulnerability in Adobe Flash player has been discovered in the wild. The bug is a use after free vulnerability in the  Adobe Flash MediaPlayer DRM management API, it can be exploited to achieve remote code execution. CVE-2018-4878 has been assigned to track this vulnerability. The affected versions are Adobe Flash Player ActiveX … Continue reading “Adobe Flash Player Zero-Day Vulnerability: CVE-2018-4878”

Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP

Introduction: A user after free (UAF) vulnerability in Apache HTTP causes the server to respond with a corrupted ALLOW header while replying to a HTTP OPTIONS request. The Apache httpd enables attackers to read data from process memory if Limit directive is set for user in .htaccess file or if the file contains mis-configurations. This … Continue reading “Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP”