Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 18

Multiple vulnerabilities in Microsoft Windows
CVE-2015-6175

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error when handling objects in kernel memory. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Windows

Remote code execution in Microsoft Windows Media Center
CVE-2015-2509

Arbitrary code execution

The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper handling of Media Center link (.mcl) files. A remote attacker can create a specially crafted Media Center link (.mcl) file that references malicious code, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in system compromise.

Note: the vulnerability was being actively exploited.

This vulnerability is related to a previously unreported zero-day exploit discovered in the Hacking Team leaked emails. Trend Micro researchers (Aaron Luo, Kenney Lu, and Ziv Chang) discovered the exploit and subsequently reported their findings to Microsoft.

Software: Windows Media Center

Multiple vulnerabilities in Microsoft Windows
CVE-2015-2546

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in ATMFD.dll in Win32k.sys. A local attacker can execute a specially crafted program, trigger memory corruption and gain SYSTEM privileges.

Successful exploitation of the vulnerability may result in full control of the vulnerable system.


Note: the vulnerability was being actively exploited.

The vulnerability was reported by FireEye researcher Wang Yu.

Software: Windows

Multiple vulnerabilities in Microsoft Office
CVE-2015-2545

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing malformed images. A remote attacker can create a file containing a specially crafted image file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

CVE-2015-2545 fuels around 17% of attacks in Microsoft Office.

Used to target organisations in China.

Software: Microsoft Office

Remote code execution in Microsoft Internet Explorer
CVE-2015-2502

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling JavaScript and HTML tables within the layout cache. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability has been exploited in watering hole attacks against a compromised website belonging to an evangelical church in Hong Kong to deliver Korplug malware.

Software: Microsoft Internet Explorer

Known/famous malware:

Korplug malware.

Multiple vulnerabilities in Microsoft Office
CVE-2015-1642

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Microsoft Office documents. A remote unauthenticated attacker can create a specially crafted Office document, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

The vulnerability was discovered by Yong Chuan, Koh of MWR Labs.

Software: Microsoft Office

Privilege escalation in Microsoft Windows
CVE-2015-1769

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper processing of symbolic links by Mount Manager. By inserting a specially crafted USB device into the system, an attacker can create arbitrary files and execute malicious code with SYSTEM privileges.

Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Attackers used USB to infect computers with the malware at the Natanz uranium enrichment facility in Iran.
The .LNK vulnerability was also exploited by the Equation Group, uncovered by researchers at Kaspersky Lab.

Software: Windows

Known/famous malware:

Fanny

Remote code execution in Microsoft Windows
CVE-2015-2426

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the Windows Adobe Type Manager library when processing OpenType fonts. A remote attacker can create a specially crafted document or website with an embedded malicious OpenType font, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after the Hacking Team data leak.
The vulnerability was reported by FireEye's Genwei Jiang and Google Project Zero's Mateusz Jurczyk.

The vulnerability was exploited by Eugene Ching of Qavar Security in January 2015.

Software: Windows

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2015-2425

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after the Hacking Team data leak.

Software: Microsoft Internet Explorer

Arbitrary code execution in Microsoft Windows
CVE-2015-2387

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Adobe Type Manager module (ATMFD.dll). A local attacker can execute a specially crafted application, trigger memory corruption, bypass OS-level sandboxing and execute arbitrary code with SYSTEM privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after the Hacking Team data leak.
Public exploit code for this vulnerability became available as part of the Hacking Team leaks on July 5, 2015.

Software: Windows

Remote code execution in Microsoft Office
CVE-2015-2424

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow when processing Office files. A remote attacker can create a specially crafted Office file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


The vulnerability is related to APT28 and Operation Pawn Storm and was used in a cyber espionage campaign by Tsar Team.

Software: Microsoft Office

Known/famous malware:

Trojan.Win32.Sofacy.

Multiple vulnerabilities in Microsoft Windows
CVE-2015-2360

Memory corruption

The vulnerability allows a local attacker to obtain elevated privileges on the target system.

The weakness exists due to a boundary error. A local attacker can run a specially crafted program to trigger memory corruption and acquire administrative privileges.

Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Note: the vulnerability was being actively exploited.

Exploited by Duqu 2.0 and used in an attack against Kaspersky Lab to hack their internal networks in early spring 2015.

Software: Windows

Multiple vulnerabilities in Microsoft Windows
CVE-2015-1701

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control. A local attacker can create a specially crafted application, execute a callback in userspace and use data from the System token to execute arbitrary code on the system with root privileges.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was combined with CVE-2015-3043 to perform Operation "Russian Doll".

Exploited by Russia’s APT28 (Fancy Bear APT) in a cyber espionage campaign against U.S. defense contractors, European security companies and Eastern European government entities.

Software: Windows

Multiple vulnerabilities in Microsoft Office
CVE-2015-1641

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling rich text format files. A remote attacker can create a specially crafted RTF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability accounts for nearly 66% of attacks using Office Word.

APT attacks, targeting Tibetans, Uyghurs, human rights groups in Taiwan and Hong Kong, and journalists.

Software: Microsoft Office

Two remote code execution vulnerabilities in Microsoft Windows
CVE-2015-0096

Insecure DLL loading

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the way Microsoft Windows parses shortcuts. A remote attacker can place a specially crafted .dll file along with an icon file on a remote SMB or WebDav share, trick the victim into opening that document and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note: the vulnerability was being actively exploited.

According to Trustwave it is a zero-day.
Vulnerability CVE-2015-0096 is a continuation of CVE-2010-2568, which was believed to have been patched by MS10-046. However, that patch was not complete, as MS15-018 shows. At the time of the patch release there were fully functional exploits for this particular vulnerability.

Software: Windows

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2015-0071

Security bypass

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to failure to use Address Space Layout Randomization (ASLR). A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass the ASLR mechanism and predict memory locations, which, if combined with another vulnerability, allows arbitrary code execution.

Successful exploitation of this vulnerability results in security bypass on the vulnerable system.

Note: the vulnerability was being actively exploited.

Allegedly, Chinese hackers combined it with a remote-code execution vulnerability in Adobe Flash to infect visitors to the Forbes website with malware since November, 2014.

Software: Microsoft Internet Explorer

Known/famous malware:

JS:CVE-2015-0071-A.

Cross-site scripting in Microsoft Internet Explorer
CVE-2015-0072

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input passed via vectors involving an IFRAME element. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of another website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.

CVE-2015-0072 was apparently reported to Microsoft on Oct. 13, 2014, however David Leo disclosed the details of this vulnerability to the popular Full Disclosure security mailing list on Jan. 31, 2015.

Software: Microsoft Internet Explorer

Known/famous malware:

Exploit: HTML/CVE-2015-0072.A

Privilege escalation in Microsoft Windows
CVE-2015-0016

Path traversal

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient validation of user-supplied input within the TS WebProxy Windows component. A remote attacker can trick the victim into downloading a specially crafted file and execute it with privileges of the current user.

Successful exploitation of the vulnerability may result in full control of the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was used in the CNACOM campaign targeting a government organization in Taiwan.

Software: Windows

Known/famous malware:

Exploit.Win32.CVE-2015-0016.
