0-Day Vulnerability

Internet Explorer and Edge Browsers 0-Day Vulnerability Threat Alert

April 4, 2019

Overview

Recently, a foreign researcher announced a 0-day vulnerability with Microsoft Edge and Internet Explorer (IE). Enticing a user to click a malicious link, an attacker could exploit this vulnerability to bypass the same-origin policy of the two kinds of browsers to launch a universal cross-site scripting (UXSS) attack to steal the user’s sensitive information. (more…)

Chrome PDF File Parsing 0-Day Vulnerability Threat Alert

March 12, 2019

1 Vulnerability Overview On February 28, 2019, a security vendor outside of China spotted a 0-day vulnerability in Google’s Chrome browser, which could lead to information disclosure upon a user’s opening of a malicious PDF file using Chrome. Up to now, a number of malicious samples have been found to exploit this vulnerability in the […]

Windows Arbitrary File Read 0-Day Vulnerability Handling Guide

January 7, 2019

1 Vulnerability Overview

Recently, a security researcher with Twitter alias SandboxEscaper, once again, published proof-of-concept (PoC) code for a new 0-day vulnerability affecting Windows. This is the third Windows 0-day vulnerability published by this same researcher since August 2018. The vulnerability made known to the public this time could lead to arbitrary file read. Specifically, it allows low-privileged users or malicious programs to read, but not write into, arbitrary files on a targeted Windows host. Before an official patch is released by Microsoft, all Windows users will be affected by this vulnerability. (more…)