Microsoft Excel – Information Disclosure Vulnerability

 

Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. 

Threat: An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

Criticality: High

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1112

 

VLC Media Player – Heap Buffer Overflow Vulnerability

 

Description:  VideoLAN VLC media player 3.0.7.1 has a heap-based buffer overflow. Playing any untrusted video files on it might allow hackers to remotely take control over your systems.

Threat:  An attacker who exploited the vulnerability could execute arbitrary code and disclose information.

Criticality: High

Update/Patch: https://nvd.nist.gov/vuln/detail/CVE-2019-13615#vulnCurrentDescriptionTitle

 

Ellucian Banner Web Tailor – Improper Authentication Vulnerability

 

Description: This vulnerability is produced when SSO Manager is used as the authentication mechanism for Web Tailor

Threat: An attacker who exploited the vulnerability could steal a victim’s session by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim’s UDCID. 

Criticality: High

Update/Patch: https://nvd.nist.gov/vuln/detail/CVE-2019-8978#vulnCurrentDescriptionTitle

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Register your email to receive the latest news and updates from getNEXT.

You have Successfully Subscribed!

Share This

Contacting us to better serve you

 

Dear customers,

We continue to experience higher-than-normal volumes of phone requests related to remote working arrangements. Therefore, if you have a support issue or need to contact us, we ask that you please email support@getnext.com.au first with your contact details, your business name and the nature of your issue. If you already have a ticket number, please respond to the ticket email received.

Regards,

The getNEXT Team