
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over


TALOS

Wednesday, July 19, 2023 11:07

Since the beginning of July, Cisco Talos has published 40 vulnerability advisories affecting a range of software and hardware, including the Microsoft Edge browser.

In our new series called “Vulnerability Roundup,” we’ll be recapping the vulnerabilities we recently disclosed to provide readers with an overview of what the issue is, how they can remediate and what the potential implications are for users. Our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

Microsoft Edge memory corruption (TALOS-2023-1747/CVE-2023-36887)

A memory corruption vulnerability exists in the JavaScript implementation of the Adobe Acrobat PDF engine that the Microsoft Edge web browser uses. Talos tested and confirmed that Edge, versions 112.0.1722.58 and 114.0.1776.0 Canary, are affected by this vulnerability.

An attacker could trigger this vulnerability by tricking a user into opening a specially crafted PDF in the browser. This could trigger a type confusion vulnerability, which could allow the adversary to write to arbitrary memory. Microsoft patched this issue on July 13.

The following Snort rules will detect exploitation attempts of this vulnerability: 61874 and 61875. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall or Snort.org.

Multiple vulnerabilities in Milesight UR32L router and MilesightVPN

Talos disclosed multiple vulnerabilities in these products despite no official fix from Milesight, in adherence to Cisco’s vulnerability disclosure policy. Milesight did not respond appropriately during the 90-day period as outlined in the policy.

We have a complete technical breakdown of how an attacker could string some of these vulnerabilities together to completely compromise the UR32L router and MilesightVPN.

In all, Talos released 22 security advisories regarding Milesight products this month, nine of which have a CVSS score greater than 8, associated with 69 CVEs.

Heap buffer overflow vulnerabilities in Diagon text translator

Our researchers discovered two vulnerabilities in the Diagon text interpreter that could cause heap-based buffer overflow conditions. Diagon translates Markdown into several formats, including LaTeX, planar graph and tables.

The Diagon interpreter translates a Markdown text sequence diagram to a graphical sequence diagram.

An adversary could exploit TALOS-2023-1745 (CVE-2023-31194) by sending a specially crafted network request to the targeted device, thereby causing a write access violation. TALOS-2023-1744 (CVE-2023-27390) could be exploited the same way, but in this case it leads directly to the heap-based buffer overflow. Diagon’s maintainer released an update to address these vulnerabilities.

Related news

CVE-2023-36887

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2023-31194: TALOS-2023-1745 || Cisco Talos Intelligence Group

An access violation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE-2023-27390: TALOS-2023-1744 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.
