0-Day Vulnerability

Apache Axis Remote Code Execution 0-Day Vulnerability Handling Guide

June 21, 2019

  1. Vulnerability Overview

Recently, by using the Attack Trend Monitoring system (ATM), the NSFOCUS security team has discovered an Apache Axis remote command execution vulnerability, which allows attackers to obtain privileges of the target server and remotely execute commands without authorization by sending a crafted HTTP-POST request. (more…)

Internet Explorer and Edge Browsers 0-Day Vulnerability Threat Alert

April 4, 2019

Overview

Recently, a foreign researcher announced a 0-day vulnerability with Microsoft Edge and Internet Explorer (IE). Enticing a user to click a malicious link, an attacker could exploit this vulnerability to bypass the same-origin policy of the two kinds of browsers to launch a universal cross-site scripting (UXSS) attack to steal the user’s sensitive information. (more…)

Chrome PDF File Parsing 0-Day Vulnerability Threat Alert

March 12, 2019

1 Vulnerability Overview On February 28, 2019, a security vendor outside of China spotted a 0-day vulnerability in Google’s Chrome browser, which could lead to information disclosure upon a user’s opening of a malicious PDF file using Chrome. Up to now, a number of malicious samples have been found to exploit this vulnerability in the […]

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019

1 Vulnerability Overview

Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, it allows low-privileged users or malicious programs to read, but not write into, arbitrary files on a targeted Windows host. Before an official patch is released by Microsoft, all Windows users will be affected by this vulnerability. (more…)