Month: March 2023
ZDI-23-378: Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability.
ZDI-23-377: TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-376: Microsoft Excel SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-375: Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Pwn2Own Vancouver 2023 – Day Three Results
That’s a wrap for Pwn2Own Vancouver! Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3. Team Synacktiv: Eloi Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas …
Pwn2Own Vancouver 2023 – Day Two Results
Welcome to Day 2 of Pwn2Own Vancouver 2023! We’ll be updating this blog in real time as results become available. We’re excited to say that all unique winning entries will receive the full payout during this year’s contest. We’ll update this blog throughout the day with results as they come in. SUCCESS / COLLISION – …
Pwn2Own Vancouver 2023 – Day One Results
Welcome to Pwn2Own Vancouver 2023! We’ll be updating this blog in real time as results become available. We have eight attempts for today, including a SharePoint RCE and a Tesla exploit. We’re excited to say that all unique winning entries will receive the full payout during this year’s contest. We’ll update this blog throughout the …
April Showers Bring 23 New GeForce NOW Games Including ‘Have a Nice Death’
It’s another rewarding GFN Thursday, with 23 new games for April on top of 11 joining the cloud this week and a new Marvel’s Midnight Suns reward now available first for GeForce NOW Premium members. There are dozens of us…dozens! Newark, N.J., is next to complete its upgrade to RTX 4080 SuperPODs, making it the …
April Showers Bring 23 New GeForce NOW Games Including ‘Have a Nice Death’Read More
Blender Update 3.5 Fuels 3D Content Creation, Powered by NVIDIA GeForce RTX GPUs
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. We’re also deep diving on new GeForce RTX 40 Series GPU features, technologies and resources, and how they dramatically accelerate content creation. It’s …
Blender Update 3.5 Fuels 3D Content Creation, Powered by NVIDIA GeForce RTX GPUsRead More
ZDI-23-341: Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
NEWS
-
How AI Is Personalizing Customer Service Experiences Across Industries
September 7, 2024Customer service departments across industries are facing increased call volumes, high customer service agent turnover, talent shortages and shifting customer expectations. Customers expect both self-help options and real-time, person-to-person support. These expectations for seamless, personalized experiences extend across digital communication... -
ZDI-24-1195: Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
September 6, 2024This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a... -
ZDI-24-1193: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
September 6, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI...