MadDud (10)

Last Login: February 03, 2023
Assessments
3
Score
10

MadDud's Latest (3) Contributions

1
Ratings
  • Attacker Value
    High
  • Exploitability
    High
Technical Analysis

ImageMagick 7.1.0-49 is vulnerable to Information Disclosure by injecting a malicious PNG file.

“A malicious actor could craft a PNG or use an existing one and add a textual chunk type (e.g., tEXt). These types have a keyword and a text string. If the keyword is the string “profile” (without quotes) then ImageMagick will interpret the text string as a filename and will load the content as a raw profile, then the attacker can download the resized image which will come with the content of a remote file.”

At risk

ImageMagick 7.1.0-49

Mitigation

Patch to version 7.1.0-52 or higher

3
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

Proof of Concept of the XSS attack is publicly available.

This is an XSS attack which doesn't require authentication to plant the code, but it requires user interaction (visiting something in the web interface) to trigger it.

Original tweet: https://twitter.com/ptswarm/status/1408050644460650502
Copy of tweet (screenshot) and analysis: https://www.tenable.com/blog/cve-2020-3580-proof-of-concept-published-for-cisco-asa-flaw-patched-in-october

3
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High