Blog

exploit

CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability – An advisory by Quick Heal Security Labs

Estimated reading time: 1 minute

The recent zero-day vulnerability in Windows VBScript Engine (CVE-2018-8174), enables attackers to perform a remote code execution on targeted machines. Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most of the Windows Operating Systems. Vulnerable versions Windows 7 x86 and x64 versions Windows...

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

Estimated reading time: 4 minutes

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities...

Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs

  • 15
    Shares
 February 5, 2018

Estimated reading time: 4 minutes

No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro, CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2017-11882. Let’s take a look...

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

 February 3, 2018

Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable...

An emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs

  • 41
    Shares
 December 6, 2017

Estimated reading time: 3 minutes

For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions...

WannaCry’s Never Say Die Attitude Keeps It Going!

  • 18
    Shares
 June 22, 2017

Estimated reading time: 3 minutes

Over the past few months, the cybersecurity world was at buzz due to the infamous WannaCry ransomware attack. The attack was launched on a massive scale. The campaign started after the disclosure of NSA exploit leak by a hacker group called Shadow Brokers. Taking advantage of unpatched systems all over...

CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

  • 23
    Shares
 April 14, 2017

Estimated reading time: 2 minutes

The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions According to Microsoft, the following are the affected products...

The Remote Desktop Protocol Vulnerability – ‘CVE-2012-0002’ is not dead yet!

  • 22
    Shares
 December 13, 2016

Estimated reading time: 2 minutes

On March 13, 2012, Microsoft disclosed the details of a ‘critical vulnerability’ called Remote Desktop Protocol Vulnerability – CVE-2012-0002 in its bulletin. And even four years after this vulnerability was patched, it is still being exploited in the wild by attackers to carry out ‘Remote Code Execution’ on their victims...

Stegosploit – A Technique that can Hack your PC Using Just an Image!

  • 2
    Shares
 June 3, 2015

Estimated reading time: 2 minutes

By merely looking at an image in your browser, you can infect your PC with a malware. Know how from the following post. Thanks to a technique called Stegosploit, a hacker can infect your system by simply making you load an image on the Internet. You don’t even have to...