You are here: scarybeastsecurity.blogspot.com

blog.isosceles.com
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached: "Google

www.evilsocket.net
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who's

positive.security
Chaining a misconfiguration in IE11/Edge Legacy with an argument injection in a Windows 10/11 default URI handler and a bypass for a previous Electron patch, we developed a drive-by RCE exploit for Windows 10. The main vulnerability in the ms-officecmd URI handler has not been patched yet and can also be triggered through other browsers (requires confirmation of an inconspicuous dialog) and desktop applications that allow URI opening.

talosintelligence.com