Aggregator

CVE-2004-1104 | Microsoft Internet Explorer up to 6 Statusbar Remote Code Execution (VU#702086 / EDB-24714)

Vuldb Updates
2 days ago
A vulnerability was found in Microsoft Internet Explorer up to 6. It has been classified as problematic. The impacted element is an unknown function of the component Statusbar Handler. Performing manipulation results in Remote Code Execution. This vulnerability is cataloged as CVE-2004-1104. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended that the affected component be replaced with an alternative.
vuldb.com

CVE-2004-0842 | Microsoft Internet Explorer up to 6.1 SP2 CSS heap-based overflow (VU#291304 / EDB-24328)

Vuldb Updates
2 days ago
A vulnerability, which was classified as critical, was found in Microsoft Internet Explorer up to 6.1 SP2. The impacted element is an unknown function of the component CSS. The manipulation with the input [STYLE]@;/* results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2004-0842. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to use an alternative in place of the affected component.
vuldb.com

CVE-2004-0842 | Microsoft Internet Explorer up to 6 Cascading Style Sheet heap-based overflow (MS04-038 / VU#291304)

Vuldb Updates
2 days ago
A vulnerability identified as critical has been detected in Microsoft Internet Explorer up to 6. Affected by this vulnerability is an unknown functionality of the component Cascading Style Sheet Handler. Performing manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2004-0842. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2004-2090 | Microsoft Internet Explorer up to 6 SP1 VBA File information disclosure (EDB-23668 / XFDB-15078)

Vuldb Updates
2 days ago
A vulnerability, which was classified as problematic, was found in Microsoft Internet Explorer up to 6 SP1. Affected by this vulnerability is an unknown functionality of the component VBA File Handler. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2004-2090. The attack can be executed remotely. Additionally, an exploit exists. It is best to exchange the affected component with an alternative.
vuldb.com

New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site

The Hackers News
2 days ago
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad
The Hacker News

New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware

Cyber Security News
2 days ago

Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading as urgent administrative forms or compensation requests. Upon opening, the document’s embedded macros drop a […]

The post New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

HTB 靶机渗透总结之 Rebound

先知技术社区
2 days ago
Rebound,以域控环境为基础的疯狂难度靶机。关键是在逐步完成基础信息的枚举时,还要将密码喷洒拷票攻击、影子凭据技术、还有更高级别的委派攻击RBCD等技术结合到一起。甚至在靶机的部署中还开启了 LDAP 签名要求和通道绑定等加固手段,加大了脚本和自动化攻击的使用门槛。其中所涉及的技术是红队攻击的典型手段,是必须掌握的关键技能。

Managed ad