Ticket | Info |
---|---|
US68632 | Added NEW Smart StrikeList called "ShadowBroker Strikes". This list includes strikes covering vulnerabilities targeted by ShadowBrokers exploit tools https://github.com/misterch0c/shadowbroker . |
US66771 | Updated strike CVE 2017-0199 (strikeID: E17-0bfb8) references to include URL with the public PoC published on GitHub. Also updated strike to generate 8 distinct attack variants. |
US68635 | Updated strike CVE 2002-1337 (strikeID: E02-11501) description to mention the ShadowBroker leak and exploit name (EarlyShovel). Also updated strike to include an EarlyShovel-specific attack variant. |

Name | Category | Info |
---|---|---|
DropboxPaper May17 | Data Transfer/File Sharing | Simulates the use of the Dropbox Paper website as of May 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |

Name | Category | Info |
---|---|---|
Dropbox Paper May 17 | Data Transfer/File Sharing | Simulates the use of the Dropbox Paper website as of May 2017. All of the available actions for this flow are exercised. |
Dropbox Paper Edit/Share File May 17 | Data Transfer/File Sharing | Simulates the use of the Dropbox Paper website as of May 2017 to edit and share a file online. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.3 | E17-0bhu1 | BID-98330 CVE-2017-0290 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) GOOGLE-1252 SCIP-100918 | Exploits | This strike exploits a vulnerability in Microsoft MpEngine. The vulnerability is due to failure to validate an object's message type while evaluating JavaScript. An attacker could remotely execute arbitrary code on a target system by sending a malicious file via email or enticing a user to view the file in a web browser. |
8.5 | E17-m91t2 | CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) SECURITYTRACKER-1038161 URL ZDI-17-229 | Exploits | This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). The pac_file_name parameter, which is sent in HTTP POST requests to the /servlet/com.trend.iwss.gui.servlet.PacFileManagement URI, is vulnerable to command injection and is not sanitized. An attacker can send a specially crafted HTTP POST request to achieve arbitrary command execution. NOTE: By default the vulnerable services are accessed via SSL connection (port 8443). |
7.8 | E17-0fqt1 | BID-97214 CVE-2017-5797 CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N) URL ZDI-17-192 | Exploits | This strike exploits an information disclosure vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC). Specifically, an authentication check is not made when processing HTTP requests sent to the URI /servicedesk/servicedesk/fileDownload. An unauthenticated attacker can specify a file and path as the value of the filePath parameter to disclose contents on the remote machine. |
7.6 | E17-0bde1 | BID-96647 CVE-2017-0130 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a vulnerability in Microsoft Internet Explorer. Specifically, an attacker can craft JavaScript in such a way that it overwrites the eval method and calls the JavaScript function JoinToString with an object that is not of the expected writeableString type. This causes type confusion to occur and can lead to a denial of service condition in the browser or potentially remote code execution. |
7.5 | D17-1vlr1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Denial | This strike exploits a DoS vulnerability in the NTFS file system of Windows Vista, Windows 7 and Windows 8.1. The vulnerability can be triggered by accessing any directory name using the $MFT file name. Successful exploitation will result in system hang or crash. |