Report Name: Qualys TOP 20 2023 NOT in Joint report
Generated: 2023-09-07 13:20:12

Product Name | Prevalence | U | C | H | M | L | A | Comment
---|---|---|---|---|---|---|---|---
Windows SMB | 1 | 3 | | | | | 3 | Windows component
GNU Bash | 0.9 | 1 | | | | | 1 | Bash is the shell, or command language interpreter, for the GNU operating system
Microsoft Office | 0.8 | 2 | 1 | | | | 3 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Windows VBScript Engine | 0.8 | 1 | | | | | 1 | Windows component
Oracle Java SE | 0.6 | 1 | 1 | | | | 2 | Oracle Java SE
Microsoft Silverlight | 0.5 | 1 | | | | | 1 | Microsoft Silverlight
Oracle WebLogic Server | 0.4 | 1 | | | | | 1 | Unified and extensible platform for developing, deploying and running enterprise applications

Vulnerability Type | Criticality | U | C | H | M | L | A
---|---|---|---|---|---|---|---
Remote Code Execution | 1.0 | 8 | 1 | | | | 9
Authentication Bypass | 0.95 | 1 | | | | | 1
Denial of Service | 0.7 | 1 | | | | | 1
Unknown Vulnerability Type | 0 | | 1 | | | | 1

Source | U | C | H | M | L | A
---|---|---|---|---|---|---
Comment | 10 | 2 | | | | 12

1. Remote Code Execution - GNU Bash (CVE-2014-6271) - Urgent [983]
Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 11. CVE-2014-6271: Shellshock – Linux Bash Vulnerability. Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times). It was exploited by 18 Malware, 1 Threat Actors, and was trending in the wild as recently as September 2, 2023. Qualys Vulnerability Detection (QID): 122693, 13038, 150134. Shellshock (CVE-2014-6271) is a critical vulnerability affecting the Unix Bash shell in many Linux, Unix, and Mac OS systems. It allows remote code execution by misusing Bash’s processing of environment variables, enabling attackers to append and execute malicious commands. It has a high severity score since it can impact multiple devices and applications, risking unauthorized data access or service disruption,
2. Remote Code Execution - Windows SMB (CVE-2017-0143) - Urgent [976]
Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya. Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times). It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023. Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345. Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” or “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.
3. Remote Code Execution - Windows SMB (CVE-2017-0144) - Urgent [976]
Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya. Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times). It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023. Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345. Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” or “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.
4. Remote Code Execution - Windows SMB (CVE-2017-0145) - Urgent [976]
Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 6. CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya. Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times). It was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023. Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345. Commonly known as Shadow Broker or MS17-010, or “ETERNALBLUE,” or “ETERNALSYNERGY” or “ETERNAL ROMANCE,” this is a remote code execution vulnerability in Microsoft’s Server Message Block 1.0 (SMBv1) protocol. The vulnerability arises from how SMBv1 handles specific requests, allowing an attacker (usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server. It was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.
5. Remote Code Execution - Microsoft Office (CVE-2012-0158) - Urgent [954]
Description: The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [saint] Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability, [canvas] Immunity Canvas: MS12_027, [packetstorm] MS12-027 MSCOMCTL ActiveX Buffer Overflow, [seebug] Microsoft Office 内存损坏漏洞(CVE-2015-1641)) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
0.9 | 10 | CVSS Base Score is 9.3. According to Vulners data source | |
1.0 | 10 | EPSS Probability is 0.97286, EPSS Percentile is 0.99785 |
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 3. CVE-2012-0158: Vulnerability in Windows Common Controls Could Allow RCE. Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times). It was exploited by 63 Malware, 45 Threat Actors, 2 Ransomware and was trending in the wild as recently as August 31, 2023. Qualys Vulnerability Detection (QID): 90793. CVE-2012-0158 is a substantial remote code execution vulnerability in Windows standard controls. An attacker can exploit the flaw by constructing a specially crafted webpage. Upon viewing this webpage, the vulnerability can allow remote code execution, potentially granting the attacker the same rights as the logged-on user. If the user has administrative privileges, this could mean total control of the affected system. Disclosed in 2012, this vulnerability has been notably exploited in various cyber-attacks, enabling attackers to install programs, manipulate data, or create new accounts with full user rights.
6. Remote Code Execution - Microsoft Office (CVE-2017-8570) - Urgent [942]
Description:
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Microsoft Office - Composite Moniker Remote Code Execution Exploit, [exploitpack] Microsoft Office - Composite Moniker Remote Code Execution, [exploitdb] Microsoft Office - 'Composite Moniker Remote Code Execution, [canvas] Immunity Canvas: OFFICE_WSDL) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
1.0 | 10 | EPSS Probability is 0.97337, EPSS Percentile is 0.9982 |
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 4. CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability. Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times). It was exploited by 52 Malware, 11 Threat Actors and was trending in the wild as recently as September 2, 2023. Qualys Vulnerability Detection (QID): 110300. CVE-2017-8570 is a significant remote code execution vulnerability in Microsoft Office and WordPad. It involves the way these applications handle specially crafted files. It can be exploited by an attacker who convinces a user to open a specially designed file, potentially allowing the attacker to run arbitrary code on the victim’s machine with the same privileges as the logged-in user and serving as a downloader to other high-profile malware.
7. Remote Code Execution - Windows VBScript Engine (CVE-2018-8174) - Urgent [942]
Description: A
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB, Microsoft websites | |
1.0 | 17 | The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Microsoft Internet Explorer 11 Vbscript Code Execution, [zdt] Microsoft Internet Explorer 11 #InternetExplorer #IE (#Windows7 x64/x86) - vbscript Code Execution E, [srcincite] SRC-2019-0009 : Foxit Reader SDK ActiveX Launch Action New Window Command Injection Remote Code Execution Vulnerability, [srcincite] SRC-2019-0010 : Foxit Reader SDK ActiveX URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability) | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Windows component | |
0.8 | 10 | CVSS Base Score is 7.5. According to Microsoft data source | |
1.0 | 10 | EPSS Probability is 0.97445, EPSS Percentile is 0.99917 |
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 12. CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability. Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times). It was exploited by 21 Malware, 10 Threat Actors, and 7 Ransomware and was trending in the wild as recently as September 4, 2023. Qualys Vulnerability Detection (QID): 91447. CVE-2018-8174 is a critical vulnerability in Microsoft Windows’ VBScript Engine, enabling remote code execution. Triggered by viewing a malicious website with Internet Explorer or opening a rigged Microsoft Office document, this flaw allows an attacker to manipulate memory objects and execute code. The attacker can fully control the system if the user has administrative rights.
8. Remote Code Execution - Microsoft Silverlight (CVE-2013-0074) - Urgent [904]
Description:
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 13. CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution. Vulnerability Trending Over Years: 2023 (8 times). It was exploited by 62 Malware, 50 Ransomware and was trending in the wild as recently as August 20, 2023. Qualys Vulnerability Detection (QID): 90870. CVE-2013-0074 is a remote code execution vulnerability in Microsoft Silverlight, which permits a crafted Silverlight application to access memory unsafely, thereby leading to the execution of arbitrary code under the current user’s security context. If the user has admin rights, the attacker installs programs, alters or deletes data, or generates new accounts with full privileges. The user can be deceived into visiting a malicious website or clicking on a link, commonly through an email or instant message.
9. Authentication Bypass - Oracle WebLogic Server (CVE-2019-2725) - Urgent [891]
Description: Vulnerability in the
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 18. CVE-2019-2725: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability. Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times). It was exploited by 10 Malware, 4 Threat Actors, 9 Ransomware and was trending in the wild as recently as September 4, 2023. Qualys Vulnerability Detection (QID): 150267, 87386. CVE-2019-2725 is a severe remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to execute arbitrary code over a network without user interaction. It was quickly weaponized to install cryptocurrency miners.
10. Denial of Service - Oracle Java SE (CVE-2012-0507) - Urgent [879]
Description: Unspecified vulnerability in the Java Runtime Environment (
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 14. CVE-2012-0507: Oracle Java SE Remote Java Runtime Environment Vulnerability. Vulnerability Trending Over Years: 2023 (10 times). It was exploited by 66 Malware, 3 Threat Actors, and 42 Ransomware and was trending in the wild as recently as July 26, 2023. Qualys Vulnerability Detection (QID): 119956. CVE-2012-0507 is a critical vulnerability in the Java Runtime Environment (JRE) allowing untrusted Java applets to execute arbitrary code outside the Java sandbox. Originating from a flaw in the AtomicReferenceArray class implementation, this vulnerability was exploited by Flashback Trojan in 2012. It was observed to have led to one of the most significant known malware attacks on Apple devices. Attackers can exploit this vulnerability by tricking users into visiting a malicious website hosting a Java applet.
11. Unknown Vulnerability Type - Oracle Java SE (CVE-2012-1723) - Critical [754]
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 7. CVE-2012-1723: Java Applet Field Bytecode Verifier Cache Remote Code Execution. Vulnerability Trending Over Years: 2023 (6 times). It was exploited by 91 Malware, 8 Threat Actors, 41 Ransomware and was trending in the wild as recently as August 17, 2023. Qualys Vulnerability Detection (QID): 120274. CVE-2012-1723 is a substantial vulnerability found in the Java Runtime Environment. It can be exploited through a malicious web page hosting a rogue Java applet. The issue, originating from a type-confusion error in the “HotSpot” component, allows untrusted Java applets or applications to bypass the Java sandbox security restrictions and execute arbitrary code on a user’s system.
12. Remote Code Execution - Microsoft Office (CVE-2018-0802) - Critical [740]
Description: Equation Editor in
Component | Value | Weight | Comment |
---|---|---|---|
1.0 | 18 | Exploitation in the wild is mentioned on Vulners (AttackerKB object), AttackerKB, Microsoft websites | |
0 | 17 | The exploit's existence is NOT mentioned on Vulners and Microsoft websites. | |
1.0 | 15 | Remote Code Execution | |
0.8 | 14 | Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer | |
0.8 | 10 | CVSS Base Score is 7.8. According to Vulners data source | |
1.0 | 10 | EPSS Probability is 0.97389, EPSS Percentile is 0.99869 |
Comment: Qualys Top 20 Most Exploited Vulnerabilities: 16. CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability. Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times). Exploited by 29 Malware, 24 Threat Actors, and was trending in the wild as recently as September 2, 2023. Qualys Vulnerability Detection (QID): 110310. CVE-2018-0802 is a critical vulnerability within Microsoft Office and WordPad, which, if exploited, allows remote code execution via specially crafted files. Attackers can run arbitrary code in the current user’s context, potentially taking over the system if the user holds administrative rights. This vulnerability was notably used in targeted attacks and was being actively exploited before Microsoft released a security update in January 2018 that correctly handles objects in memory, resolving the issue.