
CVE-2019-1149

Status Candidate

Overview

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

Related Files

Red Hat Security Advisory 2020-1581-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1581-01 - WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-19840, CVE-2018-19841, CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010319, CVE-2019-11498
SHA-256 | bf11e9bffaa6909436fbaba57ba22b13c045659840f917f12cbc8328ffe49075

Microsoft Font Subsetting DLL FixSbitSubTables Heap Corruption
Posted Aug 15, 2019
Authored by Google Security Research, mjurczyk

Microsoft Font Subsetting DLL suffers from a heap corruption vulnerability in FixSbitSubTables.

tags | exploit
advisories | CVE-2019-1149
SHA-256 | f46d17c954f6e94d032c69f8511236395dead5379f423b21f856132b36934f44

Dovecot 2.3 Denial Of Service
Posted May 2, 2019
Authored by Stephan Bosch, Marcelo Coelho

Dovecot version 2.3 suffers from multiple denial of service conditions. Included in this archive is the advisory as well as patches to address the issue.

tags | advisory, denial of service, patch
advisories | CVE-2019-11494, CVE-2019-11499
SHA-256 | 7e75b0da6da935fe42250e823a8a02e8fd65f715b1b3c902280f8223f8241b8d

Ubuntu Security Notice USN-3961-1
Posted May 1, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3961-1 - It was discovered that the Dovecot Submission login service incorrectly handled certain operations. A remote attacker could possibly use this issue to cause Dovecot to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2019-11494
SHA-256 | cda6024b86947a39dfed42fa93c70134e44c20d09ea1b1fc88cb668427e16b2b

Ubuntu Security Notice USN-3960-1
Posted Apr 30, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3960-1 - It was discovered that WavPack incorrectly handled certain DFF files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-11498
SHA-256 | e5c36b8236e5dcac5f3e631829a426222f458001fa01af8cacd7e1b7017756d3