Patch/Configuration Management, Vulnerability Management

New PDF exploit potential

Dan KaplanMarch 6, 2009

As businesses await the Adobe Acrobat and Reader zero-day vulnerability patch (coming March 11), researcher Didier Stevens this week detailed a way to exploit the bug without users clicking on any malicious PDF document. Essentially, when a PDF is listed in Windows Explorer, a shell extension will read the document to provide more information, such as file size or type, thus executing code without any user interaction, Stevens said. — DK

Dan Kaplan

(Credit: monticellllo – stock.adobe.com)

Network Security

Fortinet patches FortiClientLinux critical RCE vulnerability

Laura FrenchApril 10, 2024

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

Source PC website developer. Real software development code. JavaScript code in text editor. Computer interface. Abstract technology background. Java Software engineer concept.

Vulnerability Management

Command injection attacks likely with critical Rust vulnerability

SC StaffApril 10, 2024

Windows devices could be targeted with command injection attacks exploiting the maximum severity Rust standard library vulnerability, tracked as CVE-2024-24576, The Hacker News reports.

Network Security

Microsoft fixes a record 147 bugs in April release of Patch Tuesday

Simon HenderyApril 10, 2024

This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

New PDF exploit potential

Related

Fortinet patches FortiClientLinux critical RCE vulnerability

Command injection attacks likely with critical Rust vulnerability

Microsoft fixes a record 147 bugs in April release of Patch Tuesday

Get daily email updates