Three high-severity vulnerabilities of the last week
Three high-severity vulnerabilities were disclosed in the last week: execution of arbitrary code in Avast Antivirus, system compromise via unpatched WinRAR, and system compromise in vtiger.
1. Execution of arbitrary code in Avast Antivirus
Danger: Critical
The number of vulnerabilities: 1
Exploitation vector: Remote
Impact: System Compromise
Affected Product: Avast Antivirus
Vulnerable version: Avast Antivirus 2015.10.3.2223, possibly earlier versions
Description:
The vulnerability allows a remote user to compromise a system.
The vulnerability is caused by an unspecified error in the SSL traffic parser. This can be exploited to compromise the system.
Link: https://twitter.com/taviso/status/647408764505579520
2. System compromise via WinRAR
Danger: High
The number of vulnerabilities: 1
Exploitation vector: Remote
Impact: System Compromise
Affected Product: WinRAR 5.21
Vulnerable Version: WinRAR 5.21, possibly earlier versions
Description:
The vulnerability allows a remote user to compromise the system.
The vulnerability exists due to insufficient validation of HTML code in the SFX script when packing an archive. This can be exploited via a specially crafted SFX file to execute arbitrary code on the target system.
Note: successful exploitation requires that the victim open a malicious archive.
Exploit: WinRAR SFX v5.21 – Remote Code Execution Vulnerability
http://seclists.org/fulldisclosure/2015/Sep/106
3. System compromise in vtiger
Danger: High
The number of vulnerabilities: 1
CVE ID: CVE-2015-6000
Exploitation vector: Remote
Impact: System Compromise
Affected Product: vtiger 6.3.x
Vulnerable versions: vtiger 6.3 and earlier
Description:
The vulnerability allows a remote user to compromise a system.
The vulnerability exists due to insufficient input validation in the class Settings_Vtiger_CompanyDetailsSave_Action. A remote authenticated user can upload a specially crafted file to execute arbitrary code on the target system.
Manufacturer URL: http://vtiger.com
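The vtiger entry describes the classic shape of this bug: an authenticated upload handler that trusts the client's filename and stores the file where the web server can execute it. The following is an added illustration, not vtiger's own code, of that pattern beside a hardened handler; the function names, the LOGO_DIR path and the `$file` array layout (PHP's `$_FILES` entry shape) are assumptions.

```php
<?php
// Added example (not vtiger's code). $file is one $_FILES entry:
// ['name' => ..., 'tmp_name' => ..., 'size' => ..., 'error' => ...].

const LOGO_DIR = '/var/app/private/logos';   // assumed path, outside the web root
const MAX_BYTES = 2 * 1024 * 1024;

// Vulnerable pattern: the uploader chooses the name and extension, and the
// destination is under the document root, so the server may execute the file.
function save_company_logo_vulnerable(array $file): string {
    $dest = __DIR__ . '/layouts/logo/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened pattern: validate by content, allowlist the type, choose the name
// server-side, and store where nothing is served or executed directly.
function save_company_logo(array $file): string {
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('upload rejected');
    }
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

    // Detect the type from the bytes, never from the client name or Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('not an allowed image type: ' . $mime);
    }
    // Require that the bytes parse as an image header at all.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('image does not decode');
    }

    // Random server-chosen name with a fixed extension; no client path components.
    $dest = LOGO_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('store failed');
    }
    return $dest;
}
```

Serve the stored logo through a controlled endpoint that streams the bytes with an image Content-Type, rather than by exposing LOGO_DIR to the web server.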