Author name: SSD Secure Disclosure technical team

SSD Advisory – File History Service (fhsvc.dll) Elevation of Privilege

Summary: A vulnerability in the Windows File History Service allows local users to gain elevated privileges on the Windows operating system.
Credit: An independent security researcher working with SSD Secure Disclosure. The vulnerability was one of the winners of TyphoonCon’s TyphoonPWN 2023 in the Windows PE category.
CVE: CVE-2023-35359
Vendor Response: The vendor has …

SSD Advisory – TP-Link TL-WR840N Stack Buffer Overflow DoS

Summary: A vulnerability in TP-Link’s TL-WR840N allows remote attackers to trigger a stack overflow, causing a denial of service in httpd.
Credit: An independent security researcher, @delsploit, working with SSD Secure Disclosure.
Affected Devices:
Vendor Response: The vendor has released a new firmware (TL-WR840N(KR)_V6.2_230702) available at: https://www.tp-link.com/kr/support/download/tl-wr840n/#Firmware The vendor has …

SSD Advisory – EdgeRouters and AirCube miniupnpd Heap Overflow

Summary: A vulnerability in the miniupnpd service of EdgeRouters and AirCube allows LAN attackers to overflow an internal heap buffer and potentially execute arbitrary code.
Credit: An independent security researcher working with SSD Secure Disclosure.
CVE: CVE-2023-31998
Affected Devices: EdgeRouters 2.0.9-hotfix.6 and earlier; AirCube firmware version 2.8.8 and earlier
Vendor Response: The vendor has issued …

TurboRand: V8 Type Confusion Private Property Leak

Introduction: TurboRand is a V8 exploitation challenge from TyphoonCTF 2023. The challenge (a.k.a. TruboFan is no Fun) centred around a type confusion bug in TurboFan (V8’s optimising compiler). For the challenge we provided contenders with multiple files:
Looking Around: Let’s inspect run (bash script): The script writes user-controlled JavaScript to a temporary file, and executes it …

SSD Advisory – KerioControl Remote Code Execution

Summary: KerioControl suffers from a tar.gz path traversal in the import configuration functionality of the admin panel, which leads to Remote Code Execution.
Credit: Simon Janz
Affected Devices: KerioControl version 9.4.2 patch 1 build7290
Vendor Response: The vendor was notified on February 14, 2023, but has provided no indication whether or not it is …

SSD Advisory – Kerio Mailbox Takeover

Summary: By exploiting the file upload functionality, users are able to upload .html files containing arbitrary JavaScript code; the file is then saved on the server. An attacker would then compose and send the victim an email containing a URL to said malicious file.
Credit: Jokūbas Arsoba
Affected Devices:
Vendor Response: The vendor has been notified …

SSD Advisory – SonicWall Out Of Bounds Write DoS

Summary: A vulnerability in SonicWall allows remote attackers to crash the target server on affected installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the `httpServer` function. The issue results from not checking the return value of `snprintf` before using it to calculate the maximum length. An attacker …

SSD Advisory – MacOS Mozilla Firefox Download Protections were bypassed by .atloc / .ftploc Files

Summary: Mozilla Firefox has been found not to show an executable file warning when downloading .atloc and .ftploc files, which can run commands on a user’s computer.
Credit: Dohyun Lee, working for SSD Labs Korea.
CVE: CVE-2022-46875
Vendor Response: The vendor has released patches available at: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/
Technical Analysis: A vulnerability in …

Win32k User-Mode Printer Drivers StartDoc UAF

Summary: A vulnerability in the UMPD (User-Mode Printer Drivers) allows local users to trigger a use-after-free vulnerability. The vulnerability works from Windows 8 and above, and is fairly easy to exploit on older Windows machines.
Credit: An independent security researcher working with SSD Secure Disclosure.
CVE: CVE-2022-41050
Vendor Response: The vendor has released patches available at: …
