Vulnerabilities (Page 51)

macOS Finder RCE

A malicious inetloc file can be used to execute arbitrary applications that already exist on the system. Normally, inetloc files are shortcuts to an internet location…

 

Argument Injection in AWS WorkSpaces Desktop Client URI Handler

The AWS WorkSpaces desktop application registers a custom URI on the host system and does not properly sanitize the parameters, leading to argument injection. As the WorkSpaces client is based on the Chromium Embedded Framework, the debugging argument --gpu-launcher can be used to issue arbitrary commands.

 

Nitro Pro PDF JavaScript document.flattenPages JSStackFrame stack-based use-after-free vulnerability

This Talos report covers a non-trivial issue where a stack pointer is used after it has gone out of scope when invoking JS bindings, which are provided to document creators by Nitro Pro PDF for automating aspects of the document. When one of these bindings needs to be executed by the SpiderMonkey library, the js32u.dll!js_Invoke function is used to create stack space and push a JSStackFrame object to be used by the invoked binding…