exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2019-1152

Status Candidate

Overview

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

Related Files

Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting
Posted Aug 16, 2019
Authored by Martin Heiland, zee_shan

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

tags | exploit, spoof, vulnerability, xss, info disclosure
advisories | CVE-2019-11521, CVE-2019-11522, CVE-2019-11806
SHA-256 | 2071c53e872acfa5491162c42ffc088b0353ec35291faf2ce74402fd3c1328d6
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
Posted Aug 16, 2019
Authored by Hanno Boeck, Juraj Somorovsky, Martin Heiland, Jorg Schwenk, Sebastian Schinzel, Damian Poddebniak, Jens Muller, Marcus Brinkmann

Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.

tags | exploit, xss
advisories | CVE-2018-9997, CVE-2019-11521
SHA-256 | ea4821effec5ebd51f45bdf732d362fc22eb10a99a7363c2441cceeedc97dfae
Microsoft Font Subsetting DLL MakeFormat12MergedGlyphList Heap Corruption
Posted Aug 15, 2019
Authored by Google Security Research, mjurczyk

Microsoft Font Subsetting DLL suffers from a heap corruption vulnerability in MakeFormat12MergedGlyphList.

tags | exploit
advisories | CVE-2019-1152
SHA-256 | 9ad072537e464902161bb1d614b4ef7d91d6dfd438e7a9b6bda50e71f2ad8176
Anviz M3 RFID Missing Access Controls
Posted May 23, 2019
Authored by WizLab.it | Site wizlab.it

Security issues have been found in the Anviz M3 RFID Access Control device when working in standalone mode connected to a TCP/IP network that could lead to access control bypass and private information leakage and alteration.

tags | exploit, tcp
advisories | CVE-2019-11523
SHA-256 | c1ad183da60120552ef4da27582e26b8013025e79bc583b88967bdff43a3cbeb
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close