CVE-2023-25181
Published 2023-11-14
Priority P3 · 59 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.69% (74.2th percentile)
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| silabs | gecko_software_development_kit | — | — |
| silicon_labs | gecko_platform | — | — |
| weston-embedded | cesium_net | — | — |
| weston-embedded | uc-http | — | — |
| weston_embedded | cesium_net | — | — |
| weston_embedded | uc-http | — | — |
No detection rules found.
No public exploits indexed.
Talos
blogs_talos·2023-11-22·CVSS 7.8
[HIGH] Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
## Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution
Cisco Talos’ Vulnerability Research team recently worked with Adobe and Microsoft to patch multiple vulnerabilities in the Acrobat and Excel software, respectively, that could lead to arbitrary code execution.
Talos also disclosed six vulnerabilities in the Weston Embedded µC-HTTP HTTP server implementation, some of which could also lead to code execution.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## Adobe Acrobat Reader use-after-free vulnerabilities
Discovered by Jaewon Min and Aleksandar Nikolic of Cisco Talos.
Adobe recently patched two use-after-free vulnerabilities in its Acrobat PDF reader that Talos discover