CVE-2016-0059
Published 2016-02-10
Priority: P4 26 medium · CVSS 3.0 base score: 4.3
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS: 23.66% (97.5th percentile)
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
No detection rules found.
No public exploits indexed.
Fortinet · blogs_fortinet · 2020-12-03 · CVSS 5.3 · CVE-2020-15680 [MEDIUM]
Leaking Browser URL/Protocol Handlers | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
By Rotem Kerner | December 03, 2020
FortiGuard Labs Threat Research Report
Affected platforms: Windows, Linux
Impacted parties: Chrome, Firefox and Edge
Impact: Leaking sensitive data
Severity level: Medium
Assigned CVEs: CVE-2020-15680
An important step in any targeted attack is reconnaissance. The more information an attacker can obtain on the victim the greater the chances for a successful exploitation and infiltration. Recently, we uncovered two information disclosure vulnerabilities affecting three of the major web browsers which can be leveraged to leak out a vast range of installed applications, including the presence of security products, allowing a threat actor to gain critical insights on the target.
In t
Fortinet · blogs_fortinet · 2018-08-06 · CVSS 7.5 · CVE-2018-8174 [HIGH]
An Analysis of the DLL Address Leaking Trick used by the “Double Kill” Internet Explorer Zero-Day exploit (CVE-2018-8174)
FORTIGUARD LABS THREAT RESEARCH
By Dehui Yin | August 06, 2018
“Double Kill” is an Internet Explorer(IE) Zero-Day exploit which was discovered in the wild and fixed in the Microsoft May Patch. It exploits a use-after-free vulnerability of vbscript.dll to execute arbitrary code when a vulnerable system browses a malicious web page via IE. Multiple exploit kits have already added this exploit, and it is still active in the wild.
This use-after-free bug causes a type confusion in vbscript.dll, which allows the attacker to access and overwrite the whole user space memory address. However, before the shellcode can be finally executed, the attacker has to get the address o
Fortinet · blogs_fortinet · 2017-06-14
WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server
FORTIGUARD LABS THREAT RESEARCH
By Honggang Ren | June 14, 2017
Summary
In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft is recommending that users replace WINS with DNS.
This vulnerability affects Windows Server 2008, 2012, and 2016
Fortinet · blogs_fortinet · 2017-03-23 · CVSS 8.1 · CVE-2017-0104 [HIGH]
iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server
FORTIGUARD LABS THREAT RESEARCH
By Honggang Ren | March 23, 2017
Summary
In November 2016, as part of my FortiGuard research work, I discovered and reported on an iSNS server memory corruption vulnerability in Microsoft Windows Server. On Patch Tuesday of March 2017, Microsoft released Security Bulletin MS17-012, which contains the fix for this vulnerability and identifies it as CVE-2017-0104.
This vulnerability could lead to remote code execution, and is rated as critical by Microsoft. The vulnerability affects Windows Server 2008, 2012, and 2016 versions. Microsoft recommends installing this update immediately.
In this blog I will share the details of this vulnerability.
How to Reproduce
To reproduce the vulne
Fortinet · blogs_fortinet · 2016-10-21 · CVSS 9.8 · CVE-2016-6939 [CRITICAL]
Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader
FORTIGUARD LABS THREAT RESEARCH
By Kai Lu and Kushal Shah | October 21, 2016
Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016.
CVE-2016-6939
This vulnerability was discovered by Kai Lu.
CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access due to an improper bounds check when manipulating an array pointer. The specific vulnerability exists in the MakeAccessible plugin due to missing length checks.
Attackers can exploit the vulnerab
Fortinet · blogs_fortinet · 2016-04-13 · CVSS 6.2 · CVE-2016-2414 [MEDIUM]
Analysis of CVE-2016-2414 - Out-of-Bound Write Denial of Service Vulnerability in Android Minikin Library
FORTIGUARD LABS THREAT RESEARCH
By Kai Lu | April 13, 2016
Google fixed a denial of service vulnerability in the Minikin library (CVE-2016-2414) with this month's Android patches. I reported this vulnerability to Google in early March 2016, and Google confirmed it was a duplicate of bug 26413177, which had been reported by another researcher in November 2015.
In this blog, we will provide an in-depth analysis of this vulnerability. It exists because the Minikin library fails to parse .TTF font files correctly. As a result, it could allow a local attacker to temporarily block access to an affected Android device. The attacker could have an untrusted font file loaded, causing
Fortinet · blogs_fortinet · 2016-02-25
Microsoft Azure Security Center & Fortinet: Scaling Security & Securing the Cloud
INDUSTRY TRENDS & INSIGHTS
By Richard Henderson | February 25, 2016
What do you get when you combine the world’s most widely deployed NGFW with the largest scalable infrastructure and then add-in unmatched granular visibility, control, threat prevention and a whole lot of other DevOps capabilities? You get a scalable, secure, and easy to use cloud infrastructure that customers can migrate to or build their workloads on with confidence. Microsoft Azure announced their Azure Security Center (ASC) program in September 2015 (after having been used in a preview form by thousands of customers) with the objective of enabling enterprise-class security across the full scope of environments that customers demand – wh
Fortinet · blogs_fortinet · 2016-02-19 · CVSS 7.8 · CVE-2016-0059 [HIGH]
Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet
FORTIGUARD LABS THREAT RESEARCH
By Kai Lu | February 19, 2016
Summary
This month Microsoft patched two vulnerabilities which were discovered and reported by me: one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide an in-depth analysis of CVE-2016-0059. The vulnerability exists because the Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability,
Fortinet · blogs_fortinet · 2016-01-20 · CVSS 7.8 · CVE-2016-0010 [HIGH]
Deep Analysis of CVE-2016-0010 - Microsoft Office RTF File Handling Heap Overflow Vulnerability
FORTIGUARD LABS THREAT RESEARCH
By Kai Lu | January 20, 2016
Summary
On Patch Tuesday of this month, Microsoft patched 3 Office vulnerabilities in MS16-004. The vulnerability CVE-2016-0010 was discovered by me and Fortinet's threat research team at FortiGuard Labs. It is a heap overflow vulnerability in Microsoft Office, which fails to parse RTF documents correctly. Successful exploitation of this vulnerability could allow malicious users to create remote code execution scenarios. The underlying problem is a typical heap overflow caused by a user-supplied value which is copied into a buffer allocated based on a user-supplied length. In this blog, I want to analyze the ro
Bugzilla · bugzilla · 2016-02-09 · CVSS 6.5 · CVE-2016-1523 [MEDIUM]
CVE-2016-1523 graphite2: Heap-based buffer overflow in context item handling functionality
An exploitable heap-based buffer overflow was found in the context item handling functionality of Libgraphite. A specially crafted font can cause a buffer overflow resulting in potential code execution. An attacker can provide a malicious font to trigger this vulnerability.
External Reference:
http://www.talosintel.com/reports/TALOS-2016-0059/
Discussion:
Created graphite2 tracking bugs for this issue:
Affects: fedora-all [bug 1305814]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:0197 https://rhn.redhat.com/errata/RHSA-2016-0197.html
---
This issue has been addressed in the follo