Advisories

Security advisories for vulnerabilities identified by Blue Frost Security.

LG PC Suite Insecure Update Mechanism

A vulnerability inside the update mechanism was identified which allows an attacker to remotely execute arbitrary code on the target system.

Huawei HiSuite Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.

Samsung SW Update Insecure Service Directory ACLs

A privilege escalation vulnerability was identified which can be used by a local user to elevate privileges.

FireEye Detection Evasion and Whitelisting of Arbitrary Malware

An analysis engine evasion was identified which allows an attacker to completely bypass FireEye's virtualization-based dynamic analysis on Windows and whitelist arbitrary malicious binaries.

IE11 CObjectElement Use-After-Free Vulnerability

A use-after-free vulnerability was identified which allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer.

OpenSSH PAM Privilege Separation Vulnerabilities

Multiple vulnerabilities in OpenSSH were identified that could allow successful authentication as an arbitrary user and thus impersonation of other users.

IE11 CTreeNode::GetCascadedLang Use-After-Free Vulnerability

A use-after-free vulnerability was identified which allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer.