{"id":9779,"date":"2017-10-10T07:01:10","date_gmt":"2017-10-10T15:01:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/10\/10\/news-3552\/"},"modified":"2017-10-10T07:01:10","modified_gmt":"2017-10-10T15:01:10","slug":"news-3552","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/10\/10\/news-3552\/","title":{"rendered":"TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of October 2, 2017"},"content":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 06 Oct 2017 14:55:49 +0000<\/strong><\/p>\n

\"\"<\/p>\n

Have you ever read something online and you read a word as something else? Sometimes the weight of our eyelids makes our eyes deceive us after hours staring at a computer screen. As I stated to read a Zero Day Initiative blog<\/a> published this week by Simon Zuckerbraun, instead of reading the word \u201cChakra,\u201d which is the JavaScript engine present in Microsoft Edge, I read \u201cChaka Khan.\u201d Just typing the words Chaka Khan \u2013 now I can\u2019t get the beginning of her song \u201cI Feel For You\u201d out of my head.<\/p>\n

After realizing my reading error, I starting reading more. So does the blog \u201ctell me something good\u201d about Chakra?<\/p>\n

As it turns out, one of the winning entries from the 2017 Pwn2Own competition<\/a> held earlier this year was a vulnerability found within the execution engine of Chakra (CVE-2017-0234<\/a>) that gained remote code execution. Simon Zuckerbraun goes into a deep dive of the vulnerability, the patch to correct the vulnerability and walks through the conditions required to safely remove bounds checking in the just-in-time (JIT) engine. You can the full blog here<\/a>.<\/p>\n

Zero-Day Filters<\/strong><\/p>\n

There are nine new zero-day filters covering four vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and\/or optimize performance. You can browse the list of published advisories<\/a> and upcoming advisories<\/a> on the Zero Day Initiative<\/a> website. You can also follow the Zero Day Initiative on Twitter @thezdi<\/a> and on their blog<\/a>.<\/p>\n

Advantech (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29657: ZDI-CAN-4992,4993,5042-5055,5061-5065: Zero Day Initiative Vulnerability (Advantech WebAccess)<\/li>\n
  • 29683: ZDI-CAN-5057: Zero Day Initiative Vulnerability (Advantech WebAccess)<\/li>\n
  • 29684: ZDI-CAN-5058: Zero Day Initiative Vulnerability (Advantech WebAccess)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

EMC (2)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29660: HTTP: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Vulnerability (ZDI-17-491)<\/li>\n
  • 29661: HTTPS: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Vulnerability(ZDI-17-491)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Foxit (1)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29135: HTTP: Foxit Reader launchURL Command Injection Vulnerability (ZDI-17-691)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Microsoft (3)<\/em><\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • 29685: HTTP: Microsoft Office WordPerfect Document Converter Buffer Overflow Vulnerability (ZDI-17-730)<\/li>\n
  • 29687: ZDI-CAN-5059: Zero Day Initiative Vulnerability (Microsoft Edge)<\/li>\n
  • 29694: ZDI-CAN-5069: Zero Day Initiative Vulnerability (Microsoft Windows SMB)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Missed Last Week\u2019s News?<\/strong><\/p>\n

Catch up on last week\u2019s news in my weekly recap<\/a>.<\/p>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 06 Oct 2017 14:55:49 +0000<\/strong><\/p>\n

\"\"Have you ever read something online and you read a word as something else? Sometimes the weight of our eyelids makes our eyes deceive us after hours staring at a computer screen. As I stated to read a Zero Day Initiative blog published this week by Simon Zuckerbraun, instead of reading the word \u201cChakra,\u201d which…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10384,714,10415],"class_list":["post-9779","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-network","tag-security","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9779"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9779\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9779"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}