Cybersecurity threats 2015: Three High severity vulnerabilities of the last week

Posted: October 6, 2015 in Vulnerability News



Three high severity vulnerabilities were discovered in the last week: execution of arbitrary code in Avast Antivirus, system compromise via unpatched WinRAR, and system compromise in vtiger.

1. Execution of arbitrary code in Avast Antivirus

Danger: Critical
The number of vulnerabilities: 1
Exploitation vector: Remote
Impact: System Compromise

Affected Product: Avast Antivirus
Vulnerable version: Avast Antivirus 2015.10.3.2223, possibly earlier versions

Description:

The vulnerability allows a remote user to compromise a system.
The vulnerability is caused by an unspecified error in the SSL traffic parser. This can be exploited to compromise the system.

Link: https://twitter.com/taviso/status/647408764505579520

2. System compromise via WinRAR

Danger: High
The number of vulnerabilities: 1
Exploitation vector: Remote
Impact: System Compromise

Affected Product: WinRAR 5.21
Vulnerable Version: WinRAR 5.21, possibly earlier versions

Description:

The vulnerability allows a remote user to compromise a system.
The vulnerability exists due to insufficient validation of HTML code in the SFX script when the archive is packed. This can be exploited via a specially crafted SFX file to execute arbitrary code on the target system.

Note: Successful exploitation requires the victim to open a malicious archive.

Exploit: WinRAR SFX v5.21 – Remote Code Execution Vulnerability
http://seclists.org/fulldisclosure/2015/Sep/106

3. System compromise in vtiger

Danger: High
The number of vulnerabilities: 1
CVE ID: CVE-2015-6000
Exploitation vector: Remote
Impact: System Compromise

Affected Product: vtiger 6.3.x
Affected versions: vtiger 6.3 and earlier versions

Description:

The vulnerability allows a remote user to compromise a system.
The vulnerability exists due to insufficient input validation in the class Settings_Vtiger_CompanyDetailsSave_Action. A remote authenticated user can use a specially crafted file to execute arbitrary code on the target system.

Manufacturer URL: http://vtiger.com


 
