Microsoft Edge – Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.
Threat: If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Criticality: High
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0861
Microsoft XML – Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input.
Threat: When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.
Criticality: High
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0793
Apache – Escalation of Privilege Vulnerability
Description: Apache HTTP Server privilege escalation from modules’ scripts
Threat: Code executing in less-privileged child processes or threads could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard.
Criticality: High
Update/Patch: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
0 Comments