Source |
CISCO Talos |
Identifiant |
2068530 |
Date de publication |
2020-11-30 09:26:06 (vue: 2020-12-01 00:05:06) |
Titre |
Vulnerability Spotlight: Multiple vulnerabilities in WebKit |
Texte |
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.Executive summary
The WebKit browser engine contains multiple vulnerabilities in various functions of the software. A malicious web page code could trigger multiple use-after-free errors, which could lead to remote and arbitrary code execution. An attacker could exploit these vulnerabilities by tricking the user into visiting a specially crafted, malicious web page on a browser utilizing WebKit.
In...
[[ This is only the beginning! Please visit the blog for the complete entry ]] |
Envoyé |
Oui |
Condensat |
after arbitrary attacker beginning blog browser cisco code complete contains could crafted discovered engine entry errors execution executive exploit free functions jon lead malicious marcin multiple munshaw noga only page please remote software specially spotlight: summary talos these tricking trigger use user utilizing various visit visiting vulnerabilities vulnerability web webkit which “icewall” |
Tags |
Vulnerability
Guideline
|
Stories |
|
Notes |
|
Move |
|
Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-03-03 06:59:15 |
(Déjà vu) Vulnerability Spotlight: Remote code execution vulnerability in WebKit WebAudio API (lien direct) |
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon MunshawExecutive summary
The WebKit browser engine contains a remote code execution vulnerability in its WebAudio API interface. A malicious web page code could trigger a use-after-free error, which could lead to arbitrary code execution. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious web page and performing a guest-to-host escape through Hyper-V...
[[ This is only the beginning! Please visit the blog for the complete entry ]] |
Vulnerability
Guideline
|
|
|