Results for cve

Threat Research

Incomplete Patch: Another Joomla! Core XSS Vulnerability Is Discovered

A new vulnerability affects Joomla! CMS versions 3.0.0 through 3.8.7. In this blog, I’ll share my analysis of this vulnerability.

By Zhouyuan Yang | May 25, 2018

Threat Research

A root cause analysis of CVE-2018-0797 - Rich Text Format Stylesheet Use-After-Free vulnerability

Over the last few months, the Microsoft Security Response Centre (MSRC) has released a number of Windows updates to fix multiple Use-After-Free (UAF) vulnerabilities discovered by FortiGuard Labs. As stated in our previous blog post, we will provide a technical write-up for one of the UAF issues that was rated as critical by MSRC. The issue is assigned to CVE-2018-0797. In this blog post we will share our methodologies in identifying the root cause of the issue, as well as an analysis of the mitigation deployed by Microsoft to address the UAF vulnerability.

By Wayne Chin Yick Low | April 01, 2018

Business and Technology

Fortinet Advisory on New Spectre and Meltdown Vulnerabilities

Earlier this week, it was announced that researchers uncovered two new side channel attacks that exploit newly discovered vulnerabilities found in most CPUs, including those from Intel, AMD, and ARM. These vulnerabilities allow malicious userspace processes to read kernel memory, thereby potentially causing sensitive kernel information to leak. These vulnerabilities are known as Meltdown and Spectre.

By Fortinet | January 04, 2018

Threat Research

An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability

FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in the wild by other vendors. We have also blogged about some samples recently found in spear phishing attacks. While there are plenty of articles discussing this vulnerability, most of them are intended for technical readers and primarily focus on how to create proof-of-concept...

By Wayne Chin Yick Low | June 04, 2017

Threat Research

In-Depth Look at New Variant of MONSOON APT Backdoor, Part 1

Three weeks ago, FortiGuard Labs, along with @_ddoxer (Roland de la Paz), using VirusTotal Intelligence queries, spotted a document with the politically themed file name (Senate_panel.doc). This malicious RTF file takes advantage of the vulnerability CVE-2015-1641.

Threat Research

In-Depth Look at New Variant of MONSOON APT Backdoor, Part 2

In part 1 of FortiGuard Labs’ analysis of a new variant of the BADNEWS backdoor, which is actively being used in the MONSOON APT campaign, we did a deep technical analysis of what this backdoor is capable of and how the bad guys control it using the command and control server. In this part of the analysis, we will try to discover who might be behind the distribution of these files.

Threat Research

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

All users of vulnerable versions of the Microsoft Windows Server are encouraged to upgrade to the latest version of this software. Additionally, organizations that have deployed Fortinet IPS solutions are already protected from this vulnerability.

By Honggang Ren | March 23, 2017

Threat Research

Looking Back at Fortinet’s Security Research and Vulnerability Discoveries

In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their...

By Peixue Li | February 21, 2017

Threat Research

PHPMailer Powered – Use It, But Also Remember to Update It

At the end of last year, a critical vulnerability in PHPMailer that affected millions of websites, CVE-2016-10033, was discovered by Polish security researcher Dawid. This vulnerability allows an attacker to compromise the target’s web application by executing remote code on the vulnerable web server. There are numerous open source web applications that use PHPMailer as their main library for sending emails, including WordPress, Joomla, Yii, SugarCRM… More than a month after PHPMailer released a patch for this critical...

By Tien Phan | February 16, 2017

Threat Research

The Analysis of ISC BIND Response Authority Section RRSIG Missing DoS (CVE-2016-9444)

Domain Name System Security Extensions (DNSSEC) secures the Domain Name System (DNS), right? Yes, but that’s not the whole story. DNSSEC can also introduce trouble into your DNS server. Recently, a BIND bug caused by a missing RRSIG record, which is a part of DNSSEC, was fixed by a patch from the Internet Systems Consortium (ISC). This bug affects all versions of BIND recursive servers, and can cause a denial of service (DoS). This potential DoS vulnerability is caused by a RUNTIME CHECK error in Resolver.c when handling the DNS...

By Dehui Yin | February 06, 2017