» 2018 » 4월

CVE-2018-0986

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2018-0986

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Source: CVE-2018-0986

CVE-2017-13270

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13270

A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.

Source: CVE-2017-13270

CVE-2017-18257

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-18257

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

Source: CVE-2017-18257

CVE-2017-13268

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13268

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

Source: CVE-2017-13268

CVE-2017-13269

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13269

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.

Source: CVE-2017-13269

CVE-2017-13265

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13265

A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.

Source: CVE-2017-13265

CVE-2017-13266

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13266

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.

Source: CVE-2017-13266

CVE-2017-13254

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13254

A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.

Source: CVE-2017-13254

CVE-2017-13248

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13248

In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612.

Source: CVE-2017-13248

CVE-2017-13250

Posted on 2018년 4월 5일2018년 4월 5일 by admin

CVE-2017-13250

In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536.

Source: CVE-2017-13250