The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Search results for remote code execution

63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

November 14, 2018Swati Khandelwal
It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity. Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups. Zero-Day Vulnerability Being Exploited by Cyber Criminals The zero-day vulnerability, tracked as CVE-2018-8589 , which is being exploited in the wild by multiple advanced persistent threat groups was first spotted and reported by security researchers from Kaspersky Labs. The flaw resides in the Win32k component (win32k.sys), which if exploited successfully, could allow a malicious program to execute arbitrary code
Microsoft security bulletins for December 2012

Microsoft security bulletins for December 2012

December 12, 2012Mohit Kumar
With the release of the Microsoft security bulletins for December 2012, Company flag total 7 updates for Windows users, where one is rated as critical that could lead to remote code execution, where as other two are rated as important which fix flaws that could result in the operating system's security features being bypassed. All of the IE fixes involve use-after-free memory vulnerabilities. Where as kernel level exploits bundled into mass-exploitation kits is like Blackhole. In addition to IE, Microsoft is fixing a critical flaw in Microsoft Word that could enable attackers to execute remote code. The vulnerability could be exploited by way of a malformed Rich Text Format (RTF) document. Also Fonts can also be used as a potential attack vector, as this Patch Tuesday reveals. A pair of critical font parsing vulnerabilities are being patched this month, one for OpenType and the other for TrueType fonts. Details of all Updates : MS12-077 – All versions of
Adobe Flash Player Update Patches 11 Critical Vulnerabilities

Adobe Flash Player Update Patches 11 Critical Vulnerabilities

March 13, 2015Swati Khandelwal
After the latest Microsoft Patch Tuesday updates that came with important patches for Stuxnet and FREAK encryption-downgrade attack , now its time to update your Adobe Flash Player. Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security vulnerabilities in its program, most of which potentially allow hackers to remotely execute arbitrary code on vulnerable systems. AFFECTED SOFTWARE All versions prior to the latest version 17.0.0.134 of the Flash Player are affected on Windows and Mac OS X machines. Therefore, Adobe Flash Player installed with Google Chrome, as well as Internet Explorer 10 and 11 on Windows 8 and Windows 8.1, should automatically update to the newest version 17.0.0.134. In addition, Adobe Flash Player 11.2.202.442 for Linux and Flash Player Extended Support Release 13.0.0.269 for Windows and Mac OS X are also affected by the vulnerabilities. So, users of Flash Player on Linux should update
September's Patch Tuesday updates to fix Critical flaws in Windows, IE and Office

September's Patch Tuesday updates to fix Critical flaws in Windows, IE and Office

September 09, 2013Wang Wei
This Tuesday, Microsoft will be releasing its September's Patch Tuesday updates includes 14 bulletins in total, fixing issues in Windows, Office, Outlook, Internet Explorer, SharePoint and FrontPage. In all, there are eight remote code execution flaws in Microsoft Office, Microsoft Server Software, Microsoft Windows, which can allow hackers to gain access to, or take control of an affected system without user prompts or permission. The four critical bulletins affect Sharepoint, Outlook, Internet Explorer and XP and Windows 2003. Bulletien second will address a Remote Code Execution flaw in Microsoft Office that can be triggered simply by previewing an email in Outlook, even without explicitly opening the e-mail. The problem for users is that Outlook automatically displays the content of each email it previews. The remaining 10 bulletins are all rated important by Microsoft, four of them patch remote code execution flaws in Office, while three other privilege escalati
Android Stagefright Exploit Code Released

Android Stagefright Exploit Code Released

September 11, 2015Khyati Jain
Zimperium Mobile Security Labs (zLabs) have been working hard to make Android operating system more safe and secure to use. Zimperium team has publicly released the CVE-2015-1538 Stagefright Exploit , demonstrating the process of Remote Code Execution (RCE) by an attacker. The released exploit is a python code creating an MP4 exploiting the 'stsc' vulnerability dubbed Stagefright. The purpose behind the release is to put penetration testers and security researchers to test and check the vulnerability of the code and analyze the results. Considered as the most critical flaw among all the existing vulnerabilities; the Stagefright flaw is capable of revealing user's information remotely by injecting malicious code, even without any involvements of the user. Two months ago, Zimperium Labs uncovered multiple vulnerabilities in 'libstagefright,' a service attached with the software-based codecs natively in Android smartphones for media playback. The vulnera
Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

June 14, 2017Swati Khandelwal
As part of June's Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month's patch release also includes emergency patches for unsupported versions of Windows platform the company no longer officially supports to fix three Windows hacking exploits leaked by the Shadow Brokers in the April's data dump of NSA hacking arsenal . The June 2017 Patch Tuesday brings patches for several remote code execution flaws in Windows, Office, and Edge, which could be exploited remotely by hackers to take complete control over vulnerable machines with little or no interaction from the user. While two of the vulnerabilities have been exploited in live attacks, another three flaws have publicly available proof-of-concept (POC) exploits that anyone could use to target Windows users. Vulnerabilities Under Active Attack The two vul
Dangerous IE browser vulnerabilities, Allows remote code execution !

Dangerous IE browser vulnerabilities, Allows remote code execution !

February 14, 2012Mohit Kumar
Dangerous IE browser vulnerabilities, Allows remote code execution ! Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release. Also, Microsoft is warning all users of its Internet Explorer web browser to immediately apply the latest security patch as a precaution against malicious hacker attacks. Critical fixes would address flaws that could allow remote code execution in Windows, Internet Explorer, .NET Framework, and Silverlight, Microsoft's web development tool. The update is rated "critical" for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows client machines and Microsoft expects to see reliable exploit code published with the next 30 days. Here are the bulletins for February 2012: MS12-008 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) MS12-010 – Cumulative Security Update for Inte
Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

Flickr vulnerable to SQL Injection and Remote Code Execution Flaws

April 14, 2014Wang Wei
Yahoo-owned Flickr , one of the biggest online photo management and sharing website in the world was recently impacted by critical web application vulnerabilities, which left website's database and server vulnerable hackers. Ibrahim Raafat , a security researcher from Egypt has found SQL injection vulnerabilities on  Flickr Photo Books , new feature for printing custom photo books through Flickr that was launched 5 months ago. He claimed to have found two parameters ( page_id , items ) vulnerable to Blind SQL injection and one  (i.e. order_id ) Direct SQL Injection that allowed him to query the Flickr database for its content by the injection of a SQL SELECT statements. A Successful SQL exploitation could allow an attacker to steal the Database and MYSQL administrator password. Furthermore, Flickr's SQL injection flaws also facilitate the attacker to exploit remote code execution on the server and using  load_file("/etc/passwd")   function he was successfu
Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

May 13, 2015Mohit Kumar
This week you have quite a long list of updates to follow from Microsoft, Adobe as well as Firefox. Despite announcing plans to kill its monthly patch notification for Windows 10, the tech giant has issued its May 2015 Patch Tuesday , releasing 13 security bulletins that addresses a total of 48 security vulnerabilities in many of their products. Separately, Adobe has also pushed a massive security update to fix a total of 52 vulnerabilities in its Flash Player, Reader, AIR and Acrobat software. Moreover, Mozilla has fixed 13 security flaws in its latest stable release of Firefox web browser, Firefox 38, including five critical flaws. First from the Microsoft's side: MICROSOFT PATCH TUESDAY Three out of 13 security bulletins issued by the company are rated as 'critical', while the rest are 'important' in severity, with none of these vulnerabilities are actively exploited at this time. The affected products include Internet Explorer (IE),
Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

August 14, 2018Mohit Kumar
Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these vulnerabilities patched by the tech giant is listed as publicly known and being exploited in the wild at the time of release. According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully. Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity. Here below we have listed brief details of a few critical and publically exploited important vulnerabilities: Internet Explorer Memory Co
Apple Releases Dozens of Security Patches for Everything

Apple Releases Dozens of Security Patches for Everything

May 16, 2017Swati Khandelwal
While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple. But you are mistaken – Apple products are also not immune to the hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad. Apple on Monday pushed out software updates for iOS, macOS, Safari, tvOS, iCloud, iTunes, and watchOS to fix a total of 67 unique security vulnerabilities, many of which allows attackers to perform remote code execution on an affected system. iOS is 10.3.2 for iPhone, iPad, and iPod Apple's mobile operating system iOS 10.3.2 for the iPhone, iPad and iPod touch addresses 41 security flaws, 23 of which resides in WebKit, including 17 remote code execution and 5 cross-site scripting (XSS) vulnerabilities. Besides this, iOS 10.3.2 also addresses a pair of flaws in iBooks for iOS (CVE-2017-24
Microsoft Issues Software Updates for 17 Critical Vulnerabilities

Microsoft Issues Software Updates for 17 Critical Vulnerabilities

September 11, 2018Swati Khandelwal
Times to gear up your systems and software. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, 17 of which are rated as critical, 43 are rated Important, and one Moderate in severity. This month's security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET, and more. Four of the security vulnerabilities patched by the tech giant this month have been listed as "publicly known" and more likely exploited in the wild at the time of release. CVE-2018-8475: Windows Critical RCE Vulnerability One of the four publicly disclosed vulnerabilities is a critical remote code execution flaw ( CVE-2018-8475 ) in Microsoft Windows and affects all versions Windows operating system, including Windows 10. The Windows RCE vulnerability resides in the way Windows handles specially cra
Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack

Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack

October 11, 2017Swati Khandelwal
As part of its "October Patch Tuesday," Microsoft has today released a large batch of security updates to patch a total of 62 vulnerabilities in its products, including a severe MS office zero-day flaw that has been exploited in the wild. Security updates also include patches for Microsoft Windows operating systems, Internet Explorer, Microsoft Edge, Skype, Microsoft Lync and Microsoft SharePoint Server. Besides the MS Office vulnerability, the company has also addressed two other publicly disclosed (but not yet targeted in the wild) vulnerabilities that affect the SharePoint Server and the Windows Subsystem for Linux. October patch Tuesday also fixes a critical Windows DNS vulnerability that could be exploited by a malicious DNS server to execute arbitrary code on the targeted system. Below you can find a brief technical explanation of all above mentioned critical and important vulnerabilities. Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826) T
Serious, Yet Patched Flaw Exposes 6.1 Million IoT, Mobile Devices to Remote Code Execution

Serious, Yet Patched Flaw Exposes 6.1 Million IoT, Mobile Devices to Remote Code Execution

December 05, 2015Swati Khandelwal
As much as you protect your electronics from being hacked, hackers are clever enough at finding new ways to get into your devices. But, you would hope that once a flaw discovered it would at least be fixed in few days or weeks, but that's not always the case. A three-year-old security vulnerability within a software component used by more than 6.1 Million smart devices still remains unpatched by many vendors, thereby placing Smart TVs, Routers, Smartphones, and other Internet of Things (IoT) products at risk of exploit. Security researchers at Trend Micro have brought the flaw to light that has been known since 2012 but has not been patched yet. Remote Code Execution Vulnerabilities  Researchers discovered a collection of Remote Code Execution (RCE) vulnerabilities in the Portable SDK for UPnP , or libupnp component – a software library used by mobile devices, routers, smart TVs, and other IoT devices to stream media files over a network. The flaws occur du
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.