Showing posts with label Out of bounds read. Show all posts
Showing posts with label Out of bounds read. Show all posts

Wednesday, February 28, 2018

Telspace Systems Security Advisory (TSA-2018-001)

Security Advisory



TSA-2018-001: Microsoft Access Information Disclosure Vulnerability

CVE Number: CVE-2018-0853


 Summary

 An information disclosure vulnerability exists when Microsoft Office Access software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.
Details and crash information

 VCRUNTIME140!memcpy+0x4e:

 72edd1ce f3a4            rep movs byte ptr es:[edi],byte ptr [esi]


 Vendor: Microsoft

Product: Access

Version: 16.0.8625.2127

Vendor URLs:



Vendor Response

 The vendor has patched the vulnerability and released a new version.


Disclosure Timeline

  • 23-11-2017 – Initial Discovery
  • 25-11-2017 – Vendor Notification
  • 19-01-2018 – Vendor Patch
  • 13-02-2018 – Public Disclosure


Credit

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems
at No comments:
Labels: , , , , , , ,

Wednesday, October 11, 2017

Telspace Systems Security Advisory (TSA-2017-005)

Telspace Systems Security Advisory

TSA-2017-005: Internet Explorer Information Disclosure Vulnerability

CVE number
CVE-2017-11790

Summary
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system 

Vendor
Microsoft

Product
Internet Explorer

Version
11.0.15063.540

Vendor URL
https://www.microsoft.com
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790

Details and crash information
iertutil!CreateUriPriv+0x43:
00007ff8`001be203 66391479 cmp word ptr [rcx+rdi*2],dx ds:0000012f`76037000=????








Vendor response



The vendor has patched the vulnerability and released a new version 







Disclosure Timeline



02-08-2017 – Initial Discovery



14-09-2017 – Vendor Notification



10-10-2017 – Vendor Patch



11-10-2017 – Public Disclosure









Credit



This vulnerability was discovered by Dmitri Kaslov of Telspace Systems























at





No comments:
  

















Labels:
,
,
,

















        

      









Subscribe to:
Posts (Atom)