Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution.
Wednesday, November 22, 2023 12:00
Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
**Adobe Acrobat Reader use-after-free vulnerabilities**
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discovered, both of which could lead to arbitrary code execution. Acrobat is one of the most popular PDF readers currently available, especially in the U.S., and many browsers utilize an Acrobat plugin. This means an attacker could trick a user into opening a specially crafted, malicious file either in the browser or in the desktop application.
TALOS-2023-1794 (CVE-2023-44336) exists in the Thermometer JavaScript object in Acrobat Reader. An attacker who exploits this vulnerability could use specially crafted JavaScript code to trigger a use-after-free condition, which can lead to memory corruption and arbitrary code execution.
TALOS-2023-1842 (CVE-2023-44372) works in the same way, but in this case, the vulnerability affects the page event processing in Acrobat Reader.
**Arbitrary code execution vulnerability in Microsoft Excel**
Discovered by Marcin “Icewall” Noga of Cisco Talos.
Talos discovered a vulnerability in Microsoft Office Professional Plus 2019 (specifically the spreadsheet creation software Excel) that could lead to arbitrary code execution.
Microsoft patched this vulnerability, CVE-2023-36041 (TALOS-2023-1835), as part of its monthly security update earlier this month.
This use-after-free vulnerability exists in the ElementType attribute parsing in Microsoft Office Professional Plus 2019 Excel and could allow an attacker to achieve remote code execution on the targeted machine. An adversary would need to trick the targeted user into opening a specially crafted Excel spreadsheet to exploit this vulnerability.
**6 vulnerabilities in open-source embedded operating system**
Discovered by Kelly Patterson of Cisco Talos.
Cisco Talos recently discovered multiple vulnerabilities in Weston Embedded µC-HTTP, the open-source embedded HTTP server and client module for µC/TCP-IP. µC/TCP-IP is an embedded operating system first developed by Micrium and now maintained by Weston Embedded Solutions.
TALOS-2023-1732 (CVE-2023-28391), TALOS-2023-1738 (CVE-2023-28379) and TALOS-2023-1746 (CVE-2023-31247) are memory corruption vulnerabilities that could lead to arbitrary code execution on the targeted device. An adversary could exploit these vulnerabilities by sending a specially crafted packet. There are various mitigation options for these issues, as outlined in Talos’ advisories, that can prevent the exploitation of these vulnerabilities.
TALOS-2023-1726 (CVE-2023-25181) and TALOS-2023-1733 (CVE-2023-27882) could also lead to code execution, but in these cases the root cause is a buffer overflow in the operating system, triggered by a specially crafted packet.
There is also TALOS-2023-1725 (CVE-2023-24585), an out-of-bounds write vulnerability that could lead to memory corruption. This vulnerability occurs when parsing the method of an HTTP request and could lead to heap corruption.
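As an added illustration of the parsing hazard behind TALOS-2023-1725 (this is not µC-HTTP's code, and the advisory does not reproduce the vulnerable routine here), the following C example shows a request-method parser that bounds its copy by the destination buffer's capacity and the actual input length rather than by the attacker-controlled request line. The function and constant names, and the upper-case-only token policy, are assumptions made for the example.

```c
/* Added example, not µC-HTTP code. Hypothetical names: http_method_parse,
 * http_method_from_request, HTTP_METHOD_MAX. The defensive point is that the
 * copy into the fixed-size destination is bounded by the destination's
 * capacity and by `len`, never by where the input happens to put a space. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define HTTP_METHOD_MAX 8   /* longest standard method ("OPTIONS"/"CONNECT") plus NUL */

typedef enum { PARSE_OK = 0, PARSE_TOO_LONG, PARSE_MALFORMED } parse_result;

/* Copy the token before the first space of `line` (length `len`; the buffer
 * need not be NUL-terminated) into `dst`, which holds `dst_cap` bytes.
 * Assumption for this example: methods are upper-case ASCII letters only. */
parse_result http_method_parse(const char *line, size_t len, char *dst, size_t dst_cap)
{
    size_t n = 0;
    if (dst_cap == 0) return PARSE_MALFORMED;
    /* Scan only within the real input length; do not rely on a terminator. */
    while (n < len && line[n] != ' ') {
        if (line[n] < 'A' || line[n] > 'Z') return PARSE_MALFORMED;
        n++;
    }
    if (n == 0 || n == len) return PARSE_MALFORMED;  /* empty token or no delimiter */
    if (n >= dst_cap) return PARSE_TOO_LONG;         /* would overflow: refuse, do not write */
    memcpy(dst, line, n);
    dst[n] = '\0';
    return PARSE_OK;
}

/* Heap-buffer variant: allocate a fixed-size method buffer, parse into it and
 * hand it to the caller on success (caller frees). On failure nothing is
 * written past the allocation and the buffer is released. */
parse_result http_method_from_request(const char *req, size_t len, char **out)
{
    char *buf = malloc(HTTP_METHOD_MAX);
    *out = NULL;
    if (!buf) return PARSE_MALFORMED;
    parse_result r = http_method_parse(req, len, buf, HTTP_METHOD_MAX);
    if (r != PARSE_OK) { free(buf); return r; }
    *out = buf;
    return PARSE_OK;
}
```
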