CVE-2016-7200 & CVE-2016-7201 are vulnerabilities in the Chakra JavaScript scripting engine in Microsoft Edge. Reported by Natalie Silvanovich of Google Project Zero, those have been fixed in november 2016 (MS16-129) by Microsoft. Note : No successful exploitation seen despite integration tries. On 2017-01-04 @theori_io released a POC Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201) […]
The CVE-2018-4878 is a bug that allows remote code execution in Flash Player up to 28.0.0.137, spotted in the wild as a 0day, announced by the South-Korean CERT on the 31st of January. Patched on February 6, 2018 with ASPB18-03. Seen in malspam campaign two weeks after, it’s now beeing integrated in Exploit Kits. This […]
The CVE-2018-8174 is a bug that allows remote code execution in the VBScript Engine. Found exploited in the wild as a 0day via Word documents, announced by Qihoo360 on April 20, 2018, patched by Microsoft on May 8, 2018 and explained in details by Kaspersky the day after. A Proof of Concept for Internet Explorer […]
The CVE-2018-15982 is a bug that allows remote code execution in Flash Player up to 31.0.0.153, spotted in the wild as a 0day. Patched on December 05, 2018 with APSB18-42. Underminer: Underminer exploit kit improves in its latest iteration – 2018-12-21 – Malwarebytes Fallout: 2019-01-16 Figure 4: Fallout exploiting CVE-2018-15982 on Windows 7 – 2019-01-16 […]