#windows

Izdelava IDS version 2.0 suffers from a cross site scripting vulnerability.

Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious JPG file.

### Impact For Windows users of `github.com/cyphar/filepath-securejoin`, until v0.2.4 it was possible for certain rootfs and path combinations (in particular, where a malicious Unix-style `/`-separated unsafe path was used with a Windows-style rootfs path) to result in generated paths that were outside of the provided rootfs. It is unclear to what extent this has a practical impact on real users, but given the possible severity of the issue we have released an emergency patch release that resolves this issue. Thanks to @pjbgf for discovering, debugging, and fixing this issue (as well as writing some tests for it). ### Patches c121231e1276e11049547bee5ce68d5a2cfe2d9b is the patch fixing this issue. v0.2.4 contains the fix. ### Workarounds Users could use `filepath.FromSlash()` on all unsafe paths before passing them to `filepath-securejoin`. ### References See #9.

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forging tokens to access Outlook by compromising an engineer’s corporate account. This enabled the adversary to access a debugging environment that contained a crash dump of the consumer signing system that took place in April 2021 and steal the key. “A consumer

### Impact All users on Windows are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. ### Patches There are two patches that fix this problem comprehensively ``` commit b3c54ec81e0a06392abfb3a1ffcdc80c6fbf6ebc Author: Harshavardhana <harsha@minio.io> Date: Mon Mar 20 13:16:00 2023 -0700 reject object names with '\' on windows (#16856) ``` ``` commit 8d6558b23649f613414c8527b58973fbdfa4d1b8 Author: Harshavardhana <harsha@minio.io> Date: Mon Mar 20 00:35:25 2023 -0700 fix: convert '\' to '/' on windows (#16852) ``` ### Workarounds There are no known workarounds ### References The vulnerable code: ```go // minio/cmd/generic-handlers.go // Check if the incoming path has bad path components, // such as ".." and "." // SlashSep...

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `h...

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.