Year: 2023
ZDI-23-1788: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-33146.
‘Forza Horizon’ Races Over to GeForce NOW
This GFN Thursday is burning rubber with the latest Forza Horizon games from Microsoft Studios. Check them out on PC Game Pass. Plus, give the gift of cloud gaming with the latest membership bundle, which includes a free, three-month PC Game Pass subscription with the purchase of a six-month GeForce NOW Ultimate membership. It’s all …
ZDI-23-1773: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-50197.
ZDI-23-1772: (0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability
This vulnerability allows remote attackers to bypass policy restictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5.
ZDI-23-1771: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2022-26804.
ZDI-23-1770: Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
How Is AI Used in Fraud Detection?
The Wild West had gunslingers, bank robberies and bounties — today’s digital frontier has identity theft, credit card fraud and chargebacks. Cashing in on financial fraud has become a multibillion-dollar criminal enterprise. And generative AI in the hands of fraudsters only promises to make this more profitable. Credit card losses worldwide are expected to reach …
Pie From the Sky: Drone Startup Delivers Pizza, Meds and Side of Excitement
Zipline isn’t just some pie-in-the-sky drone startup. The San Francisco-based company has completed more than 800,000 deliveries in seven countries since its start in 2011. It recently added services for Seattle’s Pagliacci Pizza, vitamin and supplement giant GNC, and large health systems like Intermountain Health, OhioHealth and Michigan Medicine. Zipline developed its drones — which …
Pie From the Sky: Drone Startup Delivers Pizza, Meds and Side of ExcitementRead More
ZDI-23-1766: Extreme Networks AP410C ah_webui Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to reach critical functions on affected installations of Extreme Networks AP410C routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-46271.
ZDI-23-1765: Extreme Networks HiveOS ah_auth Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Extreme Networks routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-46272.
