Tag Archives: Ghostscript

Trending vulnerabilities of July according to Positive Technologies

Leave a reply

Trending vulnerabilities of July according to Positive Technologies.

The SecLab film crew went on vacation. Therefore, there was a choice: to skip the episode of “In the trend of VM” about the July vulnerabilities, or to make a video myself. Which is what I tried to do. And from the next episode we will return to SecLab again.

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:33 Spoofing – Windows MSHTML Platform (CVE-2024-38112)
🔻 02:23 RCE – Artifex Ghostscript (CVE-2024-29510)
🔻 03:55 RCE – Acronis Cyber Infrastructure (CVE-2023-45249)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

На русском

Remote Code Execution vulnerability – Artifex Ghostscript (CVE-2024-29510)

Leave a reply

Remote Code Execution vulnerability - Artifex Ghostscript (CVE-2024-29510)

Remote Code Execution vulnerability – Artifex Ghostscript (CVE-2024-29510). Memory corruption allows to bypass the SAFER sandbox and execute arbitrary code.

Ghostscript is a PostScript and PDF document interpreter. It is used in ImageMagick, LibreOffice, GIMP, Inkscape, Scribus, CUPS, etc. It is available for many OS.

🔻 Ghostscript version 10.03.1, which fixes the vulnerability, was released on May 2.
🔻 On July 2, Codean Labs published a detailed analysis of this vulnerability and PoC. In the video they launch the calculator by opening a special ps file with the ghostscript utility or a special odt file in LibreOffice.
🔻 On July 10, a functional exploit was released on GitHub. And on July 19, a module for Metasploit was released.

👾 The media writes that the vulnerability is being exploited in the wild. However, it’s based on a single microblog post by some Portland developer. 🤷‍♂️ I think more reliable evidence of exploitation in attacks will appear soon.

На русском

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

Leave a reply

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus. Hello everyone! This time, let’s talk about recent vulnerabilities. I’ll start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see the full report here.

The most interesting thing about the September Patch Tuesday is that the top 3 VM vendors ignored almost all RCEs in their reviews. However, there were interesting RCEs in the Office products. And what is most unforgivable is that they did not mention CVE-2021-38647 RCE in OMI – Open Management Infrastructure. Only ZDI wrote about this.

Continue reading