Zero-day vulnerabilities discovered: 1
Input validation error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. A code execution vulnerability in ImageMagick was found by Nikolay Ermishkin from the Mail.Ru Security Team while researching the original report.
Security researcher Behrouz Sadeghipour discovered that the vulnerability was present in the web domain belonging to Polyvore.
The vulnerability is dubbed "ImageTragick".
Software: ImageMagick
Links:
https://imagetragick.com/
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
http://blog.trendmicro.com/trendlabs-security-intelligence/imagemagick-vulnerability-allows-remote-c...
http://www.darknet.org.uk/2016/05/multiple-serious-imagemagick-zero-day-vulnerabilities/
http://www.zdnet.com/article/yahoos-polyvore-vulnerable-to-imagemagick-flaw-researcher-receives-litt...
http://www.securityweek.com/yahoo-rewards-researcher-imagemagick-hack
http://sec.sangfor.com.cn:88/vulns/290.html
https://www.helpnetsecurity.com/2016/05/04/imagemagick-zero-day-flaw/
http://www.sangfor.com/source/blog-network-security/696.html
https://arstechnica.com/security/2016/05/exploits-gone-wild-hackers-target-critical-image-processing...
http://www.nickhammond.com/fixing-imagemagick-cve-20163714-with-ansible/
http://www.securityweek.com/attackers-exploit-critical-imagemagick-vulnerability