VMware Workstation contains a use-after-free vulnerability in the Advanced Linux Sound Architecture (ALSA) backend. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with other issues to execute code on the Linux host where Workstation is installed.
Tag: Code Execution
ASA-2019-00313 – NVIDIA GeForce Experience: DLL preloading attack (binary planting) in installer software
NVIDIA GeForce Experience installer software contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), leading to escalation of privileges through code execution. The attacker requires local system access.
ASA-2019-00312 – NVIDIA GeForce Experience: Vulnerability in the Web Helper component
NVIDIA GeForce Experience contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
ASA-2019-00308 – Evernote: Path traversal vulnerability leads to code execution
A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like (../../../../something.app). Since Evernote also has a feature of sharing notes, in such a case an attacker could leverage this vulnerability and send crafted notes (.enex) to the victim to perform further attacks.
ASA-2019-00263 – LibreOffice: Executable hyperlink targets executed unconditionally on activation
Before 6.1.6/6.2.3, on Windows and macOS, when processing a hyperlink target that the user had explicitly activated, no check was made on whether the target was an executable file, so such executable targets were launched unconditionally.
ASA-2019-00225 – Symfony: Prevent destructors with side-effects from being unserialized
When unserialize() is called on content coming from user input, malicious payloads could be used to trigger file deletions or cause raw output to be echoed.
ASA-2019-00224 – jQuery: Object Prototype Pollution Vulnerability
An object prototype pollution vulnerability (CVE-2019-11358) was discovered in jQuery, a JavaScript library. A JavaScript object is like a variable that can store multiple values according to a predefined structure. A prototype is used to define an object's default structure and default values; specifying an expected structure is essential, particularly when no value is set. This vulnerability enables an attacker to modify a web application's JavaScript object prototype. However, each exploitation must be fine-tuned individually for the specific target, so the attacker needs in-depth knowledge of how each web application works.
ASA-2019-00220 – GitLab: PDF.js vulnerable to CVE-2018-5158
The version of PDF.js embedded in GitLab is 1.8.172, which is vulnerable to CVE-2018-5158. Per the summary, attacker-supplied JavaScript will be executed in a web worker context.