dmelcher5151 (19)
Last Login: August 29, 2023
dmelcher5151's Latest (9) Contributions
Technical Analysis
Numerous public reports on this being leveraged to enter org perimeter appliances.
Technical Analysis
One of a slew of PDF exploits actively used in phishing campaigns and even exploit kits for a few years.
Technical Analysis
A rather prolific exploit from the summer of ’12. A couple of Chinese intrusion sets went ham with this, almost as a final hurrah, considering the exposure it brought on them and how things changed over the years to follow.
Technical Analysis
Was obvious the week it hit that it would replace 2010-3333, and it did. Bread and butter for many phishing campaigns for years.
Technical Analysis
Was the bread and butter for many phishing campaigns for years.
Technical Analysis
A bit legendary at this point, but memory chunks from VPN devices were a real problem. If vulnerable, got hit.
Technical Analysis
Can download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.
I replied to your other similar comment on 2012-0158, but said another way, it’s hard for me to imagine the purpose of this rating system is to go through and down-rate vulnerabilities over time as patches are created and deployed. The rating I gave is my opinion based on the vulnerability at the time it came out. If your Office isn’t vulnerable to this exploit (and it shouldn’t be), then obviously the rating doesn’t apply to you. This is even true of 0-days.