SSD Advisory – Chrome Turbofan Remote Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59.

Chrome browser is affected by a type confusion vulnerability. The vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and therefore allows to access objects as if they were values by reading them as if they were values (thus receiving their in memory address) or vice-versa to write values into an object array and thus being able to fake objects completely.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
Google was informed of the vulnerability, and a ticket has been opened: https://bugs.chromium.org/p/chromium/issues/detail?id=746946, because the vulnerability stopped working in Chrome 60 – Google has no plan to address it as a security advisory/patch.

Continue reading SSD Advisory – Chrome Turbofan Remote Code Execution

SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124.

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released patches to address this vulnerability.

For more information: http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/DC/dccontinuousaug2017.html#dccontinuousaugusttwentyseventeen

CVE: CVE-2017-11220

Continue reading SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in D-Link 850L router.

The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310.

The vulnerabilities found in D-Link 850L are:

  • Remote Command Execution via WAN and LAN
  • Remote Unauthenticated Information Disclosure via WAN and LAN
  • Unauthorized Remote Code Execution as root via LAN

Credit
The vulnerabilities were found by the following researchers, while participating in Beyond Security’s Hack2Win competition:

  • Remote Command Execution via WAN and LAN: Zdenda
  • Remote Unauthenticated Information Disclosure via WAN and LAN: Peter Geissler
  • Unauthorized Remote Code Execution as root via LAN: Pierre Kim

Vendor response
The vendor has released patches to address this vulnerabilities (Firmware: 1.14B07 BETA).
For more details: http://support.dlink.com/ProductInfo.aspx?m=DIR-850L

Continue reading SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a Remote Code Execution found in Synology Photo Station versions 6.7.3-3432 and earlier / 6.3-2967 and earlier.

Personal Photo Station is an online photo album with blog owned and managed by a DSM user. Synology NAS provides the home/photo folder for you to store photos and videos that you want to share. The system will create index thumbnails of the photos and videos automatically, and then people can view photo albums via a web browser.

Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released patches to address this vulnerability.

For more details: https://www.synology.com/zh-tw/support/security/Synology_SA_17_34_PhotoSation

CVE’s:

  • CVE-2017-11151
  • CVE-2017-11152
  • CVE-2017-11153
  • CVE-2017-11154
  • CVE-2017-11155

Continue reading SSD Advisory – Synology Photo Station Unauthenticated Remote Code Execution