For the past three years, a lot of vulnerabilities have been published in the security advisory to alert the user about the vulnerabilities. From the advisory that been listed, the following list of the vulnerabilities has been generated headlines among the security team.

  1. These vulnerabilities have been published around 3 years ago which labeled CVE-2017-11882 which relates a remote code execution that can be found in Microsoft Office. An attacker can use a variety of malware methods to compromise any vulnerable computer by security measures been bypassed.
https://www.youtube.com/watch?v=UL1vZJ8_6aM&t=83s

Source: CVE-2017-11882 Microsoft Office Memory Corruption | Kali Linux 2018

The vulnerabilities have been found since 2017 which the product such as Microsoft Equation Editor has been compiled around November 2000 (Y2K era). However, the vulnerabilities have been solved with a fix on the Microsoft Product.

2. This vulnerability like CVE-2012-0158 can be considered an old bug that found in Windows ActiveX but some machines have not been unpatched and can be exploited by the likes of Dridex Trojan.

Dridex Trojan has been become a top listing and most wanted for Malware of Banking Trojan such as BitPaymer and DoppelPaymer.

For more details on those Dridex Trojan, BitPaymer and DoppelPaymer can read at here

3. Well-known vulnerabilities around the year 2019 are CVE-2019-0604 which the vulnerabilities is been found within a SharePoint product. The type of vulnerabilities is related to remote code execution flaws. In Mid-2019, attackers have made use of vulnerabilities where they successfully access the United Nations in Geneva’s System where sensitive information has been extracted from the system.

Source: Demonstrating a Remote Code Execution Bug on Microsoft SharePoint (CVE-2019-0604)

4. In early 2018, CVE-2018-4878 has been found within Adobe Flash Player.

Source: CVE-2018-4878 Flash poc

As been mentioned in 4 vulnerabilities that been found from 3 years ago show that vulnerabilities can be found by anyone and anytime. As a result, the Security team of the organization will need to be aware and update with the latest vulnerabilities in the wild to ensure the security of the system and application security.

Categories:

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *