Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an malicious user to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft .net framework 4.6.1 |
||
microsoft .net framework 4.6.2 |
||
microsoft .net framework 4.5.2 |
||
microsoft .net framework 4.6 |
||
microsoft .net framework 2.0 |
||
microsoft .net framework 3.5 |
||
microsoft .net framework 3.5.1 |
||
microsoft .net framework 4.7 |
IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q2: In Q2 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 181,725 users. !function(e,i,n,s){var t="InfogramEmbeds",d=e.getElementsByTagName("s...
These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. According to Kaspersky Security Network, Q1 2020 will be remembered primarily for the coronavirus pandemic and cybercriminals’ exploitation of the topic. In particular, the creators of a new modification of the Ginp banking trojan renamed their malware Coronavirus Finder and then began offering it for €0.75 disguised as an app supposedly capable of detectin...
Update, update, update. Plus: Flash, Struts, Drupal also make appearances Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week
Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware. A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe. Microsoft ranks highly in the list because its software is widely used, and provides the mo...
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network: In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it could delive...
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q2 2019 will be remembered for several events. First, we uncovered a large-scale financial threat by the name of Riltok, which targeted clients of not only major Russian banks, but some foreign ones too. Second, we detected the new Trojan.AndroidOS.MobOk malware, tasked with stealing money from mobile accounts through explo...
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q1 2019 is remembered mainly for mobile financial threats. First, the operators of the Russia-targeting Asacub Trojan made several large-scale distribution attempts, reaching up to 13,000 unique users per day. The attacks used active bots to send malicious links to contacts in already infected smartphones. The mailings ...
According to KSN: In Q1 2018, DNS-hijacking, a new in-the-wild method for spreading mobile malware on Android devices, was identified. As a result of hacked routers and modified DNS settings, users were redirected to IP addresses belonging to the cybercriminals, where they were prompted to download malware disguised, for example, as browser updates. That is how the Korean banking Trojan Wroba was distributed. It wasn’t a drive-by-download case, since the success of the attack largely depended ...
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...
For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second hal...
According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. 72,012,219 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,388 user computers. Crypto ransomware attacks were blocked on 186283 computers of unique users. Kaspersky Lab’s file antivirus detected ...
More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details required for a fix. On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild ag...
So much for that security-patch-free October 'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'
Adobe today issued an emergency security patch for Flash, which squashes a bug being used in the wild right now by hackers to infect Windows PCs with spyware. The flaw, CVE-2017-11292, was discovered by Kaspersky Labs, and affects all current versions of Flash for Windows, macOS, Linux and Chrome OS. A programming cockup in the software allows malicious Flash files – hidden on websites or embedded in Office documents and other files – to corrupt the plugin's internal memory structures and ga...
Look Microsoft, we'll stop these headlines when your stuff stops getting pwned
While much of the tech world is still fixating on Apple's $1,000 face-reading iPhone, administrators are going to be busy testing and deploying this month's Patch Tuesday load. Microsoft, Adobe, and Google have all released patches to mark the second Tuesday of the month. The updates include fixes for Flash, Edge, Internet Explorer, and Android. Redmond's September patch dump addresses a total of 81 CVE-listed vulnerabilities, 39 of which would allow for remote code execution. Four of the flaws ...