CVE-2019-8453
Published 2019-04-17
Priority: P417 · Severity: medium, CVSS 3.0 base score 5.5
CVSS 3.0 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.32% (23.8th percentile)
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkpoint | zonealarm | <= 15.4.062 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| NVD | 2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
No detection rules found.
Securelist · 2019-07-03 · CVE-2018-8453 · CVSS 7.8 [HIGH]
Sodin ransomware exploits Windows vulnerability and processor architecture
Authors
Orkhan Mamedov
Artur Pakulov
Fedor Sinitsyn
When Sodin (also known as Sodinokibi and REvil) appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows (rare among ransomware), and uses legitimate processor functions to circumvent security solutions.
According to our statistics, most victims were located in the Asia-Pacific region: Taiwan, Hong Kong, and South Korea.
[Figure: Geographic spread of Sodin ransomware, April – June 2019]
## Technical description
## Vulnerability exploitation
To escalate privileges, Trojan-Ransom.Win32.Sodin uses
Securelist · 2019-04-15 · CVSS 7.8 [HIGH]
New zero-day vulnerability CVE-2019-0859 in win32k.sys
Authors
Vasily Berdnikov
Boris Larin
Anton Ivanov
In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege Escalation vulnerability in Windows that we have discovered in recent months using our technologies. The previous ones were:
- Zero-day exploit (CVE-2018-8453) used in targeted attacks
- A new exploit for zero-day vulnerability CVE-2018-8589
- Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
- The fourth horseman: CVE-2019-0797 vulnerability
On March 17, 2019 we reported our discovery to Microsoft; the company confirmed the vulnerab
Krebs on Security · 2018-10-11 · CVE-2018-8453 · CVSS 7.8 [HIGH]
Patch Tuesday, October 2018 Edition
Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.
The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, 10 and Server 2008, 2012, 2016 and 2019. According to security firm Ivanti, an attacker first needs to log into the operating system, but then can exploit this vulnerability to gain administrator privileges.
Another vulnerability patched on Tuesday — CVE-2018-8423 — was publicly disclosed last month along with sample exploit code. This flaw involves a component shipped on all Windows machines and used by a number of programs, and could be exploited by gettin