Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 39
Authentication bypass in SolarWinds Orion API
CVE-2020-10148
Improper Authentication
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests within the SolarWinds Orion API. If an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication. This vulnerability could allow a remote non-authenticated attacker to bypass
authentication and execute API commands which may result in a compromise
of the SolarWinds instance.
Note, this vulnerability is dubbed SUPERNOVA and is being exploited in the wild.
Software: Orion Platform
Known/fameous malware:
SUPERNOVA
Backdoor in SolarWinds Orion Platform
Embedded malicious code (backdoor)
The vulnerability allows a remote attacker to gain unauthorized access to the application.
The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.
According to SolarWinds, Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1 are affected.
Note, this vulnerability is being actively exploited in the wild in a supply chain attack and is dubbed SUNBURST.
State-backed hackers are targeting government entities and private businesses all over the world in a global supply chain attack, in which they deploy a malicious SolarWinds update to compromise networks, according to a new report from the cybersecurity firm FireEye.
Known/fameous malware:
Behavior:Win32/Solorigate.C!dha
Links:
Improper access control in Easy WP SMTP plugin for WordPress
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can access the debug log after the password reset, grab the reset link and take over the admin account.
Note: The vulnerability is being actively exploited in the wild.
This vulnerability allows a remote attacker to reset admin account passwords.
Software: Easy WP SMTP
This vulnerability allows a remote attacker to reset admin account passwords.
Multiple vulnerabilities in Google Chrome
CVE-2020-16017
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the site isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
Multiple vulnerabilities in Google Chrome
CVE-2020-16013
Improperly implemented security check for standard
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in V8 in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
Multiple vulnerabilities in Apple macOS
CVE-2020-27950
Out-of-bounds read
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to gain access to sensitive kernel information on the system.
Note, this vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/kb/HT211947
Multiple vulnerabilities in Apple macOS
CVE-2020-27932
Type Confusion
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error in macOS kernel. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/kb/HT211947
Multiple vulnerabilities in Apple macOS
CVE-2020-27930
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing fonts within the FontParser component. A remote attacker can create a specially crafted document or web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: macOS
Links:
https://support.apple.com/kb/HT211947
Remote code execution in Google Chrome for Android
CVE-2020-16010
Heap-based buffer overflow
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a heap-based buffer overflow when processing untrusted HTML content in UI in Google Chrome on Android. An remote attacker, who had compromised the renderer process, can perform a sandbox escape via a crafted HTML page.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Software: Google Chrome for Android
Links:
https://chromereleases.googleblog.com/2020/11/chrome-for-android-update.html
Multiple vulnerabilities in Google Chrome
CVE-2020-16009
Improperly implemented security check for standard
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
Note, this vulnerability is being actively exploited in the wild.
Software: Google Chrome
Links:
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
Memory corruption in Windows kernel driver
CVE-2020-17087
Buffer overflow
The vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists due to a boundary error within the Windows Kernel Cryptography Driver cng.sys, which exposes a "\Device\CNG" device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
This vulnerability was used in a trageted attacks along with the #VU47741 issue in FreeType library to attack users of Google Chrome.
Software: Windows
This vulnerability was used in a trageted attacks along with the #VU47741 issue in FreeType library to attack users of Google Chrome.
Multiple vulnerabilities in Oracle Solaris
CVE-2020-14871
Improper input validation
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Pluggable authentication module (PAM) component in Oracle Solaris. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
Note, this vulnerability is being actively exploited in the wild.
According to FireEye, the vulnerability is being exploited in the wild by the actor tracked as UNC1945.
Software: Oracle Solaris
Remote code execution in FreeType library
CVE-2020-15999
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in freetype library when processing TTF files. A remote attacker can pass specially crafted TTF file with PNG sbit glyphs to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: FreeType
Arbitrary file upload in File Manager plugin for WordPress
CVE-2020-25213
Arbitrary file upload
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload in wp-file-manager in the "lib/php/connector.minimal.php" and "lib/files/hardfork.php" files. A remote attacker can upload a malicious file and execute it on the server.
Note: The vulnerability is being actively exploited in the wild.
The vulnerability exploitation was detected on September 1st, 2020. The attackers can remotely upload arbitrary files and execute arbitrary code.
Software: File Manager
Links:
https://wpvulndb.com/vulnerabilities/10389/
Denial of service in Cisco IOS XR Software
CVE-2020-3569
Resource exhaustion
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP traffic to the affected device and perform a denial of service (DoS) attack.
Note: this vulnerability is being actively exploited in the wild.On August 31 Cisco has updated the original advisory to indicate the second vulnerability exploited in the wild.
Software: Cisco IOS XR
Denial of service in Cisco IOS XR Software
CVE-2020-3566
Resource exhaustion
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient queue management for Internet Group Management Protocol (IGMP) packets in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software. A remote attacker can trigger resource exhaustion by sending crafted IGMP traffic to the affected device and perform a denial of service (DoS) attack.
Note: this vulnerability is being actively exploited in the wild.
On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.
Software: Cisco IOS XR
On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.
Links:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
Remote code execution in Microsoft Internet Explorer
CVE-2020-1380
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Software: Microsoft Internet Explorer
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
Signature spoofing in Microsoft Windows
CVE-2020-1464
Cryptographic issues
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Windows incorrectly validates file signatures. A remote attacker can create a specially crafted file to bypass implemented security restrictions and successfully load a malicious file.
Note: this vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
Privilege escalation in Microsoft Windows Print Spooler
CVE-2022-38028
Permissions, Privileges, and Access Controls
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.
Note, the vulnerability is being exploited in the wild since at least June 2020 and possibly as early as April 2019.
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.
Software: Windows
Known/fameous malware:
GooseEgg
Stored cross-site scripting in Login/Signup Popup plugin for WordPress
Stored cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: The vulnerability is being actively exploited in the wild.
The vulnerability exploitation was detected on May 14, 2020. The authenticated attackers can inject, via the AJAX API, JavaScript code into the plugin’s settings and use it to target the administrator in the backend of WordPress.
Software: Login/Signup Popup ( Inline Form + Woocommerce )
The vulnerability exploitation was detected on May 14, 2020. The authenticated attackers can inject, via the AJAX API, JavaScript code into the plugin’s settings and use it to target the administrator in the backend of WordPress.
Remote code execution in Elementor Pro plugin for WordPress
Arbitrary file upload
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote authenticated attacker can upload a malicious file and execute it on the blog.
This vulnerability is exploitable if users have open registration, hovewer in conjunction with a vulnerability in Ultimate Addons for Elementor (SB2020051119), it is possible to be exploited, even if the site does not have user registration enabled.
Note: The vulnerability is being actively exploited in the wild.
The vulnerability exploitation was detected on May 06, 2020. The attackers can remotely execute arbitrary code.
Software: Elementor Pro
SQL injection in Sophos XG Firewall/SFOS
CVE-2020-12271
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the User Portal or Admin interfaces. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
Note, this vulnerability is being actively exploited in the wild.
The vulnerability exploitation was detected on April 22, 2020. Malware dubbed Asnarök used SQL injection vulnerability to compromise the affected devices and steal users' credentials.
Software: Sophos Firewall
Known/fameous malware:
Asnarök
Remote code execution in Apple iOS
Out-of-bounds write
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. No user interaction is required to execute arbitrary code.
Note, this vulnerability is being actively exploited in the wild.
According to security researchers this vulnerability is being actively exploited since January 2018.
Software: Apple iOS
According to security researchers this vulnerability is being actively exploited since January 2018.
Links:
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Privilege escalation in Microsoft Windows
CVE-2020-1027
Buffer overflow
The vulnerability allows a local user to escalate privilege so the system.
The vulnerability exists due to a boundary error in the Windows Kernel when handling objects in memory. A local user can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Note, this vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027
Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2020-6820
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error caused by a race condition handling ReadableStream. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, this vulnerability is being actively exploited in the wild in targeted attacks.
Software: Mozilla Firefox
Links:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2020-6819
Use-after-free
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error caused by a race condition running the nsDocShell destructor. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, this vulnerability is being actively exploited in the wild in targeted attacks.
Software: Mozilla Firefox
Links:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Remote code execution in Adobe Type Manager Library in Microsoft Windows
CVE-2020-0938
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: Windows
Remote code execution in Adobe Type Manager Library in Microsoft Windows
CVE-2020-1020
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Windows Adobe Type Manager Library when parsing a specially-crafted multi-master font - Adobe Type 1 PostScript format. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Software: Windows
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020
Multiple vulnerabilities in Merit LILIN DVR devices
Use of hard-coded credentials
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Hard-coded accounts:
root/icatch99
report/8Jg0SR8K50Note, this vulnerability is being actively exploited in the wild since August 2019.
The vulnerability exploitation was uncovered by 360Netlab in August 2019. Several attack groups were using vulnerabilities in Lilin DVR firmware spread Chalubo, FBot, and Moobot botnets.
Software: DHD216A, DHD216, DHD208A, DHD208, DHD204A, DHD204, DHD304A, DHD308A, DHD316A, DHD504A, DHD508A, DHD516A
Known/fameous malware:
Chalubo, FBot, Moobot
The vulnerability exploitation was uncovered by 360Netlab in August 2019. Several attack groups were using vulnerabilities in Lilin DVR firmware spread Chalubo, FBot, and Moobot botnets.
Links:
https://blog.netlab.360.com/multiple-botnets-are-spreading-using-lilin-dvr-0-day-en/
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
CVE-2020-8468
Input validation error
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a content validation escape issue. A remote authenticated attacker can pass specially crafted input to the application and manipulate certain agent client components.
Note: the vulnerability is being actively exploited in the wild.
Vendor reports in the wild exploitation of this vulnerability.
Software: Apex One
Vendor reports in the wild exploitation of this vulnerability.
Links:
https://success.trendmicro.com/solution/000245571
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
CVE-2020-8467
Code Injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the migration tool component. A remote authenticated attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: the vulnerability is being actively exploited in the wild.
Vendor reports in the wild exploitation of this vulnerability.
Software: OfficeScan
Vendor reports in the wild exploitation of this vulnerability.
Links:
https://success.trendmicro.com/solution/000245571
Improper access control in Custom Searchable Data Entry System plugin for WordPress
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application, leading to data modification and deletion, including the potential to delete the entire contents of any table in a vulnerable site’s database.
Note: the vulnerability is being actively exploited in the wild.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify and delete the plugin’s data.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify and delete the plugin’s data.
Stored cross-site scripting in Async JavaScript plugin for WordPress
Stored cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "wp-admin/admin-ajax.php" file with the "aj_steps" AJAX action. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability is being actively exploited in the wild.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
Stored cross-site scripting in 10Web Map Builder for Google Maps plugin for WordPress
Stored cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the plugin’s setup process. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability is being actively exploited in the wild.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
Stored cross-site scripting in Modern Events Calendar Lite plugin for WordPress
Stored cross-site scripting
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in several AJAX actions. A remote authenticated attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability is being actively exploited in the wild.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers can modify the plugin’s settings.
Improper access control in Flexible Checkout Fields for WooCommerce plugin for WordPress
Improper access control
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and inject new fields and scripts into the WooCommerce checkout page.
Note: the vulnerability is being actively exploited in the wild.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers downloaded Woo-Add-To-Carts plugin on the system and created administrative accounts.
The vulnerability was used in the wild to compromise websites with vulnerable plugin. The attackers downloaded Woo-Add-To-Carts plugin on the system and created administrative accounts.
Multiple vulnerabilities in Google Chrome
CVE-2020-6418
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in V8 component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: This vulnerability is being actively exploited in the wild.
Software: Google Chrome
Remote code execution in Microsoft Internet Explorer
CVE-2020-0674
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scripting engine. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Software: Microsoft Internet Explorer
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001
Remote code execution in Mozilla Firefox and Firefox ESR
CVE-2019-17026
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error with StoreElementHole and FallibleStoreElement when processing HTML content in IonMonkey JIT compiler. A remote attacker can create a specially crafted webpage, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
The vulnerability was reported by Qihoo 360 ATA researchers.
Software: Mozilla Firefox
The vulnerability was reported by Qihoo 360 ATA researchers.
Links:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/