exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2019-1145

Status Candidate

Overview

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

Related Files

Red Hat Security Advisory 2020-4298-01
Posted Oct 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2016-10739, CVE-2018-14404, CVE-2018-14498, CVE-2018-16890, CVE-2018-18074, CVE-2018-18624, CVE-2018-18751, CVE-2018-19519, CVE-2018-20060, CVE-2018-20337, CVE-2018-20483, CVE-2018-20657, CVE-2018-20852, CVE-2018-9251, CVE-2019-1010180, CVE-2019-1010204, CVE-2019-11070, CVE-2019-11236, CVE-2019-11324, CVE-2019-11358, CVE-2019-11459, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-12450
SHA-256 | b21e4b6db18910bfdf465e20ef86844c5bb5f82b4312bf2f74efe50f227b2c78
Download | Favorite | View
Red Hat Security Advisory 2020-1074-01
Posted Apr 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1074-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format, PostScript, Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-21009, CVE-2019-10871, CVE-2019-11459, CVE-2019-12293, CVE-2019-9959
SHA-256 | e07a238d61bf8b808c561b492be874015092db295594de66882d4b3f60c12a75
Download | Favorite | View
Debian Security Advisory 4624-1
Posted Feb 17, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-1000159, CVE-2019-1010006, CVE-2019-11459
SHA-256 | 47b3e5a4f805a01c0ddc8e3d59bfc974a87af121e15c62e6f5465c0d166e0582
Download | Favorite | View
Red Hat Security Advisory 2019-3553-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3553-01 - GNOME is the default desktop environment of Red Hat Enterprise Linux. Improper authorization and uninitialized memory use issues were addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-11459, CVE-2019-12795
SHA-256 | e0dca6edd1438f87101d73849318152a3c3e5baf99821001d009241a7346f6bb
Download | Favorite | View
Django CRM 0.2.1 Cross Site Request Forgery
Posted Aug 26, 2019
Authored by Daniel Bishtawi | Site netsparker.com

Django CRM version 0.2.1 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2019-11457
SHA-256 | 72f9f9a34a620b71f3ca6c75a8db1a9a38b3efcd26f65af797819b59d697faf1
Download | Favorite | View
Microsoft Font Subsetting DLL MergeFontPackage Dangling Pointer
Posted Aug 15, 2019
Authored by Google Security Research, mjurczyk

The Microsoft Font Subsetting DLL (fontsub.dll) is a default Windows helper library for subsetting TTF fonts. It has an issue where it returns a dangling pointer via MergeFontPackage.

tags | exploit
systems | windows
advisories | CVE-2019-1145
SHA-256 | b7462443e93a2f335edb0fa0cb618f1ca09b68a645524a4da907045e4cbecac9
Download | Favorite | View
Ubuntu Security Notice USN-3971-1
Posted May 8, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3971-1 - Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting attacks. Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to leak potentially sensitive information.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2019-11454, CVE-2019-11455
SHA-256 | 59df87c397347da7a08470d5538a62ec94fe38b4bb428fd192e85b173d298c35
Download | Favorite | View
Ubuntu Security Notice USN-3959-1
Posted Apr 29, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3959-1 - It was discovered that Evince incorrectly handled certain images. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-11459
SHA-256 | 669dda614f5b4d31dcae47c97ea37086595e9048aaeae96cd72e4b56af7910f3
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    31 Files
  • 26
    Jul 26th
    13 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    27 Files
  • 30
    Jul 30th
    49 Files
  • 31
    Jul 31st
    29 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close