#windows

By Deeba Ahmed The Vault 7 leak included trojans, viruses, malware, zero-day exploits, malware remote control systems, and related documents dating… This is a post from HackRead.com Read the original post: CIA Whistleblower Found Guilty of Leaking Vault 7 Documents to WikiLeaks

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.

Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.

The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.

On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller's impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.