Posts

Showing posts from November, 2015

Microsoft Word Remote Code Execution Vulnerability (CVE-2015-0097)

A remote code execution vulnerability exists in Microsoft Office software and is caused when Office improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code (CVE-2015-0097). To exploit this vulnerability, the user has to be tricked into visiting the attacker's website by clicking on a link. Another scenario could be downloading and opening a specially crafted MS Office email attachment. Microsoft Word, Excel and PowerPoint contain a remote code execution vulnerability because it is possible to reference documents such as a Works document (.wps) as HTML. The application will process HTML and script code in the context of the Local Machine zone of Internet Explorer, which leads to arbitrary code execution. Once the user opens the Office document, the attacker is able to perform actions in the security context of the logged-in user. When the user opens that cr

NTP Daemon Vulnerabilities

NTP is a protocol designed to synchronize the clocks of computers over a network. The NTP Project produces a reference implementation of the NTP protocol and implementation documentation through a largely volunteer effort. NTP uses a hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a "stratum" and is assigned a number starting with zero at the top. The NTP Project conducts research and development in NTP and produces the official reference implementation of NTP along with the implementation documentation. A few weeks ago, ntp-4.2.8p4 was released, which fixed multiple vulnerabilities. One of them is "NTP Daemon Arbitrary File Overwrite", which addresses CVE-2015-7703. Description: If ntpd is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an att

How to stop "Wireless SSID" from broadcasting in Ruckus ZoneDirector and remove from APs

If you want to stop a wireless SSID from broadcasting and remove it from all Access Points, please follow the steps below in your Ruckus ZoneDirector.

- Log in to ZoneDirector.
- Click "Configure" and go to "WLANs".
- Find "WLAN Groups" under the "WLANs" section.
- If you are using "System Default Group", just select it and edit. Then uncheck the SSID which you want to stop broadcasting and remove from all APs, and click "OK".
- If you are using a "Custom Group", follow the same step as above.

Now your SSID has been disabled and removed from all Access Points. You can verify this by going to the Dashboard and checking "Most Recent System Activities". That's all. Have a good time. (Be knowledgeable, pass it on then)

Troubleshooting unable to PING issue on Cisco RV215W

I had to configure and install one Meg@POP router at a site office. The configuration is very simple: just WAN, LAN and static routing. After all the configuration was done, I could PING from the router and client to the SingTel side IP and HQ side IP, but not from them. I reviewed the simple configuration repeatedly and was unable to find anything wrong. But then I checked the Firewall setting, since this router has a security feature included, and realized the "Block WAN Request" option checkbox was checked and needed to be unchecked. After I unchecked it and saved, SingTel and HQ could PING this router successfully. Thank God. So if you are having the same issue as me while configuring a Cisco RV215W Wireless VPN Router, just do not forget to uncheck "Block WAN Request" and save to be able to PING from outside. Have a good time. (Be knowledgeable, pass it on then)