Blog

zero day

CVE-2018-5002 – Adobe Flash Player Stack Buffer Overflow Vulnerability Alert!

  • 2
    Shares
 June 8, 2018

Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-5002 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-19 on June 7, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in limited, targeted attacks and it...

An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)

 February 7, 2018

Estimated reading time: 3 minutes

Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in...

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

 February 3, 2018

Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable...

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

 October 13, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in Microsoft Office vulnerability CVE-2017-11826 enables attackers to perform a Remote Code Execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft has released a security update on October 10, 2017, to fix this issue. Vulnerable...

CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • 4
    Shares
 September 14, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in .NET Framework vulnerability CVE-2017-8759 enables attackers to perform a Remote Code Execution on the targeted machine. This vulnerability is found to be exploited in the wild through email spam messages loaded with malicious RTF files as an attachment. Microsoft has released a security update on...

CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

  • 19
    Shares
 April 14, 2017

Estimated reading time: 2 minutes

The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions According to Microsoft, the following are the affected products...

CVE-2017-5638 – Apache Struts 2 Remote Code Execution Vulnerability

  • 2
    Shares
 March 14, 2017

Estimated reading time: 2 minutes

The well-known open source web application framework Apache Struts 2 is being actively exploited in the wild allowing hackers to launch a remote code execution attack.  To address this issue, Apache has issued a security advisory and CVE-2017-5638 has been assigned to it. The zero-day bug has been rated with...

Zero-day Vulnerability Hits Microsoft Office – Temporary Patch Available

 November 7, 2013

Estimated reading time: 2 minutes

Microsoft has issued a new security advisory against an exploit that hackers are using to target a zero-day vulnerability in Microsoft Office. A temporary ‘Fix It’ tool has been released by the company; a permanent fix is yet to be rolled out. A pre-existing vulnerability in some versions of Microsoft...