dmelcher5151 (18)

Last Login: August 20, 2020
Assessments
7
Score
18

dmelcher5151's Contributions (9)

Sort by:
Filter by:
2
Ratings
Technical Analysis

Numerous public reporting on this being leveraged to enter org perimeter appliance.

1
Ratings
Technical Analysis

One of a slew of PDF exploits actively used in phishing campaigns and even exploit kits for a few years.

1
Ratings
Technical Analysis

A rather prolific exploit from the summer of ‘12. A couple Chinese intrusion sets went ham with this almost as a final hurrah considering the exposure it brought on them and how things changed over the years to follow.

1

I replied to your other similar comment on 2012-0158, but said another way it’s hard for me to imagine the purpose of this rating system is to go through and down-rate vulnerabilities over time as patches are created and deployed. The rating I gave is my opinion based on the vulnerability at the time it came out. If your Office isn’t vulnerable to this exploit (and it shouldn’t be), then obviously the rating doesn’t apply to you. This is even true of 0-days.

2

good question. my assumption is this rating system is based on a scenario where the target is vulnerable/not mitigated and contemporaneous to first observation/exploitation for factors like enterprise exposure.

2
Ratings
Technical Analysis

Was obvious the week it hit that it would replace 2010-3333, and it did. Bread and butter for many phishing campaigns for years.

2
Ratings
Technical Analysis

Was the bread and butter for many phishing campaigns for years.

1
Ratings
Technical Analysis

A bit legendary at this point but memory chunks from VPN devices was a real problem. If vulnerable, got hit.

2
Ratings
Technical Analysis

Can download the session DB in one request and escalate to admin on the VPN concentrator. May not be configured to log unauthenticated requests. Causes massive damage. If not patched, likely wrecked.