Zero-day vulnerabilities discovered: 8
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. This vulnerability was being actively exploited in the Stuxnet-related Duqu attack.
Software: Windows
Known/famous malware:
Win32/Exploit.CVE-2011-3402.G
W32.Duqu
Links:
https://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25272
https://media.ccc.de/v/29c3-5417-en-cve_2011_3402_analysis_h264
https://securelist.com/blog/incidents/31445/the-mystery-of-duqu-part-two-23/
https://securingtomorrow.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%e2%80%93-further-tales...
https://technet.microsoft.com/library/security/2639658
https://technet.microsoft.com/library/security/ms11-087
https://blogs.technet.microsoft.com/msrc/2011/11/03/microsoft-releases-security-advisory-2639658/
https://www.f-secure.com/v-descs/exploit_w32_cve_2011_3402_a.shtml
https://krebsonsecurity.com/tag/cve-2011-3402/
http://yomuds.blogspot.com/2012/11/cve-2011-3402-and-cool-exploit-kit_28.html
http://blog.crysys.hu/2013/01/encryption-related-to-duqu-font-expoit-cve-2011-3402/
https://blogs.forcepoint.com/security-labs/cve-2011-3402-vulnerability-truetype-font-parsing
https://www.totaldefense.com/security-blog/tag/cve-2011-3402
Denial of service
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
Software: Windows
Privilege escalation
The vulnerability allows a local user to gain elevated privileges on the target system.
The vulnerability exists due to improper validation of input passed from user mode to the kernel in the Ancillary Function Driver (afd.sys). By running a malicious application, a local attacker with valid login credentials can execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Windows
Links:
https://technet.microsoft.com/en-us/library/security/ms11-046.aspx
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
https://www.manageengine.com/products/desktop-central/patch-management/Windows-7-Ultimate-Edition/Wi...
http://www.hackingtutorials.org/exploit-tutorials/mingw-w64-how-to-compile-windows-exploits-on-kali-...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. According to experts from M86, this vulnerability was exploited in targeted attacks before the official patch release from Microsoft.
Software: Microsoft Internet Explorer
Links:
http://news.softpedia.com/news/Recently-Patched-IE-Flaw-Exploited-as-Zero-Day-208646.shtml
http://digcert.com/docs/symantec/symantec_report_2012.htm
http://securityaffairs.co/wordpress/44749/cyber-crime/operation-dust-storm.html
https://technet.microsoft.com/en-us/library/security/ms11-050.aspx
Improper input validation
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to improper handling of keyboard layout files by the kernel-mode driver (win32k.sys). A local attacker can execute arbitrary code on the vulnerable system with SYSTEM privileges.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.
Note: the vulnerability was being actively exploited.
According to Trustwave this is a zero-day.
A private exploit was developed by Cr4sh and published two weeks after the advisory.
CVE-2012-0181 fixes an issue alluded to on the exploit-db site on Nov. 21, 2011, and fixed on July 10, 2012.
Software: Windows
Links:
https://technet.microsoft.com/en-us/library/security/ms12-034
https://blogs.technet.microsoft.com/srd/2012/05/08/ms12-034-duqu-ten-cves-and-removing-keyboard-layo...
https://www.symantec.com/security_response/vulnerability.jsp?bid=53326
http://www.zdnet.com/article/linux-trailed-windows-in-patching-zero-days-in-2012-report-says/
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. This vulnerability was reported to iDefense by an anonymous researcher. NSS was ready to pay $100-500 for an exploit for this vulnerability.
The vulnerability was used to compromise a Philippine human rights website.
Software: Microsoft Internet Explorer
Known/famous malware:
Exploit:Win32/CVE-2011-0094.A
Links:
https://technet.microsoft.com/en-us/library/security/ms11-018.aspx
http://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles...
http://krebsonsecurity.com/tag/cve-2011-0094/
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/1971/layouts-handling-memory-co...
http://telussecuritylabs.com/threats/show/TSL20110414-01
https://www.symantec.com/connect/tr/blogs/government-and-human-rights-websites-fall-victim-targeted-...
http://www.infoworld.com/article/2620728/security/nss-labs-offers-reward-money-for-fresh-exploits.ht...
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user input passed via MIME-formatted requests for content blocks within a document. A remote attacker can trick the victim into following a specially crafted "MHTML:" link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
The vulnerability was originally disclosed on the WooYun website.
Software: Windows
Known/famous malware:
Exploit:Win32/CVE-2011-0096 (trojan horse)
Links:
https://technet.microsoft.com/library/security/ms11-026
https://blogs.technet.microsoft.com/srd/2011/01/28/more-information-about-the-mhtml-script-injection...
https://blogs.technet.microsoft.com/msrc/2011/01/28/microsoft-releases-security-advisory-2501696/
http://blog.qisupport.com/exploitwin32cve-2011-0096-trojan-virus-how-to-remove/
https://www.removemalwaretip.com/windows-8/clear-exploitwin32cve-2011-0096-trojan-from-your-windows-...
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=62646
https://blog.qualys.com/laws-of-vulnerabilities/2011/01/27/microsoft-advisory-on-client-side-xss-250...
https://blogs.forcepoint.com/security-labs/month-threat-webscape-march-2011
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was first disclosed by VUPEN on January 22, 2011.
This issue was disclosed as part of the Pwn2Own 2011 contest.
Using this vulnerability, Irish security researcher Stephen Fewer successfully compromised a 64-bit Windows 7 (SP1) system running Internet Explorer 8 to win the CanSecWest hacker challenge ($15,000 cash prize and a new Windows laptop) on March 9-11 in Vancouver, British Columbia.
The issue was introduced on 03/05/2008.
Software: Microsoft Internet Explorer
Known/famous malware:
Exploit:JS/CVE-2011-1345
Links:
https://technet.microsoft.com/en-us/library/security/ms11-018
http://www.computerworld.com/article/2506697/cybercrime-hacking/safari--ie-hacked-first-at-pwn2own.h...
https://twitter.com/aaronportnoy/statuses/45642180118855680
http://www.zdnet.com/article/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/
https://archive.cert.uni-stuttgart.de/bugtraq/2011/04/msg00159.html
https://packetstormsecurity.com/files/100469/Microsoft-Internet-Explorer-Property-Change-Memory-Corr...