Schutz von personenbezogenen Daten

Compliance sichert Ihren Erfolg!

Datenschutz

Erfahrung

Erfolgreiche Projekte schaffen Vertrauen!

Zu den Projekten

Unterstützung in Ihren Prozessen

Der Blick über den Tellerrand!

Consulting Services

Unterstützung nach Maß!

Lernen wir uns kennen!

Kontakt zu SOLIT

SOLIT

SOLIT Information Security ist ein inhabergeführtes Beratungsunternehmen für Informationssicherheit. Seit 2008 stehen wir Kunden in allen Fragen rund um Informationssicherheit und Datenschutz zur Verfügung. Als Beratungsunternehmen in der Informationssicherheit unterstützen wir unsere Kunden bei der Einführung, Erhaltung und kontinuierlichen Verbesserung ihrer IT basierenden Unternehmenssicherheit. Dies umschließt sowohl die Organisation mit ihren Prozessen als auch die zugehörige Technik. Ein besonderes Augenmerk liegt auf den Menschen als Mitarbeiter im Unternehmen. Sicherheit kann nie gegen den Menschen eingeführt werden – der Mitarbeiter muss “mitgenommen” werden. Dies gelingt uns in Projekten auf unterschiedliche Art und Weise!

Als geschäftsführender Gesellschafter leitet Jörg Stefan Folz das Unternehmen seit Gründung im Jahr 2008.

 

Consulting Services

Informationssicherheit im Unternehmen ist heutzutage ein wesentlicher Erfolgsfaktor  – und gleichzeitig zwingende Notwendigkeit!

Als Beratungsunternehmen unterstützen wir unsere Kunden bei Konzeption, Erhaltung und kontinuierlichen Verbesserung ihrer IT basierenden Unternehmenssicherheit. Wir stützen uns dabei auf die Pfeiler Prozesse (Organisation), Technik und den Menschen.

Dabei liegt ein wesentlicher Fokus auf der Begleitung des Kunden in Projekten, in denen Informationssicherheit eine Relevanz besitzt. Wir planen und managen Projekte im Auftrag des Kunden und sorgen für die gewünschte Zielerreichung. Technische Integrationen können dabei vom Kunden selbst oder anderen Dienstleistern übernommen werden.

Die Organisation mit ihren Prozessen definiert den Rahmen der Informationssicherheit im Unternehmen. Hier unterstützen wir unsere Kunden beispielsweise in folgenden Themenkomplexen:

  • Aufbau, Überprüfung und Bewertung des ISMS (Managementsystem Informationssicherheit)
  • Beratung und Ausarbeitung von IT-Sicherheitsstrategien
  • Risikobewertungen und Assessments
  • Business Continuity Management

Weitere Beispiele finden Sie in den Projekten.

Die Abbildung von Vorgaben der Informationssicherheit findet sich auch in der technischen Ebene wieder. Wir unterstützen Kunden mit der Erstellung von Fachkonzepten für unterschiedliche Problemstellungen oder auch Evaluierungen von technischen Lösungen. Technische Audits und Penetrationstest stellen fest, ob die technische Sicherheit in Ihrem Unternehmen korrekt implementiert ist.

Als Spezialist im Bereich Public Key Infrastrukturen (PKI) planen, integrieren und überprüfen wir sowohl die serverseitigen Komponenten als auch die auf der PKI basierende Anwendungen.

Das schwächste Glied in der Sicherheitskette ist – wie so häufig – der Mensch. Im Sicherheitsprozess muss ihm gesondert Rechnung getragen werden. Selbstverständlich zählen hierzu Richtlinien, Policies und Handlungsanweisungen. Jedoch werden diese allzu leichtfertig umgangen, da sie häufig den Arbeitsablauf stören. Daher muss dem Faktor Mensch auch auf andere Weise Rechnung getragen werden. Hierzu zählt der Auf- und Ausbau des Sicherheitsbewußtseins, zum Beispiel über Security Awareness Programme.

Projekte

Erfolgreiche Projekte schaffen Vertrauen!

Die Fragestellungen in der Informationssicherheit und im Datenschutz sind vielfältig. Damit Sie einen Eindruck über die Bandbreite unserer Tätigkeiten bekommen, finden Sie hier eine Auswahl an unterschiedlichen Projekten. Detaillierte Referenzprojekte gerne auf Anfrage.

 

Entwicklung und Dokumentation von Lastenheften

Nicht nur im Entwicklungsbereich ist die strukturierte Aufnahme von Anforderungen eine wesentliche Voraussetzung, um zielgerichtet Projekte zu beauftragen. SOLIT unterstützt den Kunden im gesamten Prozess des requirements Management und stellt die ordnungsgemäße Dokumentation sicher. Beispielprojekte sind die Auswahl/Ausschreibung einer neuen IT-Infrastruktur (staatliches Unternehmen) oder die Auswahl eines technischen Security Providers (Finanzinstitut).

Konzeption und Prüfung sicherer Remotezugriffe (remote access)

Lösungen für Remote-Zugriffe ins interne Netzwerk von Finanzinstituten unterliegen besonderen Bedingungen (u.a. gesetzliche und aufsichtsrechtliche Vorgaben). Unter Berücksichtigung dieser Vorgaben wurden mehrere Lösungen konzipiert, die Sicherheit und Benutzerfreundlichkeit miteinander kombinieren. Die Begleitung bei der Vorstellung dieser Projekte bei der Luxembourger Bankenaufsicht (CSSF) gehört mit zu den Aufgaben.

Datenschutz

In laufenden Mandaten übernehmen wir die Funktion des Datenschutzbeauftragten und sorgen für sichere und gesetzeskonforme Verarbeitung personenbezogener Daten.

Konzeption und Integration einer “all-in-one” Smartcard für verschiedene Anwendungszwecke

Auf Basis einer Smartcard mit Legic Modul wurde eine Authentisierungslösung entwickelt, auf deren Basis die Mitarbeiter des Unternehmens

  • Zutritt zum Unternehmen erhalten (inkl. Zeiterfassung)
  • mit der Karte im unternehmenseigenen Restaurant bezahlen können
  • sich an ihrer Arbeitsstation anmelden können (smartcard logon)
  • Drucke immer nur dann ausgegeben werden, wenn der Benutzer am Drucker mit der smartcard authentisiert wurde (FollowMe Printing)
  • Absicherung von Remote Access Zugriffen

Weitere Anwendungsfälle werden laufend integriert. Die stete Anforderung ist, dass jeder Mitarbeiter alle Funktionen mit nur einer einzigen Karte ausführen kann!

Konzeption und Integration von Public Key Infrastrukturen

PKI als Framework ist die Grundlage für unterschiedliche Anwendungsfälle, wenn es um sichere Authentisierung oder Verschlüsselung geht. Für mehrere Kunden planen und integrieren wir Public Key Infrastrukturen auf Basis der Microsoft certificate services. Anwendungsfälle, die damit durchgeführt werden sind z.B.

  • Workflow Anbindungen
  • Austausch verschlüsselter und signierter Emails für Kundenverkehr (PKI mit “Aussenwirkung”)
  • Smartcard logon
  • Remote Access (s.o.)
  • uvm.

Planung und Implementierung eines ISMS

Aufbau und Prüfung von Sicherheitsorganisationen nach Standard ISO/IEC 27001

Business Continuity Management

Für ein Finanzinstitut wurde das vorhandene BCM auf völlig neue Beine gestellt. SOLIT begleitete den gesamten Prozess, der an den BSI Standard 100-4 angelehnt ist, beginnend bei der Business Impact Analyse über Risiko-Analyse bis hin zur Umsetzung des Notfallvorsorgekonzeptes.

Security Awareness Programm

Für Kunden werden unterschiedliche Formen von Awareness Programmen abgehalten. Allen gemeinsam ist, dass sie immer Veranstaltungen für Mitarbeiter enthalten. In diesen wird nicht mit erhobenem Zeigefinger auf die Risiken und Gefahren hingewiesen, die je nach Kundenanfrage im Raum stehen. Im Gegenteil: Es wird auf lockere Art und Weise aufgezeigt, wie einfach das Ausnutzen von Sicherheitslücken sein kann – und dass jeder ein potentielles Angriffsziel bieten kann.

Projektbegleitung für Informationssicherheit

Häufig stehen bereits im Vorfeld in größeren Projekten die Player fest. Dem Kunden fehlt jedoch eine unabhängige Instanz, die IT-Sicherheitsthemen professionell begleitet und dem Kunden mit Anregungen zur Seite steht. Diese Aufgabenstellung wurde bereits mehrfach wahrgenommen.

Durchführung von Penetrationstests

Zur Überprüfung der Sicherheit von exponierten Systemen führen wir für Kunden unterschiedliche Penetrationstests durch. Die Ergebnisse werden verwendet um die Sicherheit der Systeme / Applikationen zu bestätigen respektive zu verbessern.

Datenschutz

Gelebter Datenschutz als Teil der unternehmensinternen Compliance gibt Unternehmen und ihren Kunden die Sicherheit, die zum Unternehmenserfolg beiträgt!

Als in Luxembourg akkreditiertes Unternehmen für Datenschutz stellen wir gemeinsam mit dem Kunden die gesetzlichen Anforderungen sicher. Sowohl in Projekten als auch in Mandaten! In Luxembourg können Unternehmen, die für Verarbeitungen von Personendaten verantwortlich sind, einen Datenschutzbeauftragten benennen. In diesem Fall werden sie von ihrer Meldepflicht gegenüber der Nationalkommission für Datenschutz (CNPD) entbunden. Die Berufung eines (externen) Datenschutzbeauftragten hat weitere Vorteile: Unternehmen müssen sich nicht um die erforderliche Weiterbildung eines Mitarbeiters für Datenschutz kümmern. Es werden keine internen Ressourcen für “betriebsfremde” Aktivitäten eingesetzt. Sowohl im operativen Tagesgeschäft als auch in Projekten können sich Datenverarbeiter auf die Expertise von SOLIT verlassen.

SOLIT Information Security unterstützt Sie im Bereich Datenschutz

  • mit der Übernahme des Mandats als Datenschutzbeauftragter (chargé de la protection des données agréées)
  • bei Fragen zum Datenschutz und in speziellen Verarbeitungen
  • bei der Absicherung von Verarbeitungen gem. Luxembourger Datenschutz (Gesetz vom 02. August 2002)
  • in Prüfungen und bei der Erstellung von Konzepten
  • sowie in allen anderen Themen rund um den Datenschutz!

Service

Vulnerabilities

Recent Vulnerabilities

Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653..
Posted: August 20, 2017, 5:03 pm
Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability.".
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF)..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Resnet - DNS Configuration Web Vulnerability .
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability"..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672..
Posted: August 20, 2017, 5:03 pm
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution..
Posted: August 20, 2017, 5:03 pm
Posted by Maor Shwartz on Aug 17SSD Advisory – Chrome Turbofan Remote Code Execution Full report: a rel="nofollow" href="https://blogs.securiteam.com/index.php/archives/3379" https://blogs.securiteam.com/index.php/archives/3379 /a Twitter account: @SecuriTeam_SSD < a rel="nofollow" href="https://twitter.com/SecuriTeam_SSD" https://twitter.com/SecuriTeam_SSD /a > Vulnerability Summary The following advisory describes a type confusion vulnerability that leads to remote code execution found in Chrome browser version 59. Chrome browser is affected by a type confusion vulnerability. The vulnerability results... .
Posted: August 18, 2017, 12:00 am
Posted by Vulnerability Lab on Aug 16Document Title: =============== Microsoft Resnet - DNS Configuration Web Vulnerability References (Source): ==================== a rel="nofollow" href="https://www.vulnerability-lab.com/get_content.php?id=2087" https://www.vulnerability-lab.com/get_content.php?id=2087 /a Acknowledgements: a rel="nofollow" href="https://technet.microsoft.com/en-us/security/cc308589.aspx" https://technet.microsoft.com/en-us/security/cc308589.aspx /a Release Date: ============= 2017-08-16 Vulnerability Laboratory ID (VL-ID): ==================================== 2087 Common Vulnerability Scoring System:... .
Posted: August 16, 2017, 12:00 am
Posted by Maor Shwartz on Aug 11*SSD Advisory – Adobe Reader DC – execMenuItem Off-by-One Heap Buffer Overflow* Full report: a rel="nofollow" href="https://blogs.securiteam.com/index.php/archives/3275" https://blogs.securiteam.com/index.php/archives/3275 /a Twitter account: @SecuriTeam_SSD *Vulnerability Summary*The following advisory describes a JavaScript execMenuItem off-by-One heap buffer overflow, that can potentially lead to Remote Code Execution, found in Adobe Reader DC version 15.23.20056.213124. *Credit* An independent security researcher,... .
Posted: August 11, 2017, 12:00 am
Multiple vulnerabilities have been identified in Microsoft Products, which could be exploited by attackers to cause the following impact(s): Denial of Service ;Elevation of Privilege ;Remote Code Execution ;Security Restriction Bypass ;Information Disclosure ;Spoofing /li /ul A proof of concept exploit code is publicly available. /ul .
Posted: August 9, 2017, 12:00 am
Multiple vulnerabilities have been identified in Adobe Products, which could be exploited by attackers to cause the following impact(s): Remote Code Execution ;Information Disclosure.
Posted: August 9, 2017, 12:00 am
A vulnerability has been identified in Google Chrome, which could be exploited by attackers to cause the following impact(s): Remote Code Execution.
Posted: August 4, 2017, 12:00 am
Multiple vulnerabilities have been identified in Microsoft Outlook, which could be exploited by attackers to cause the following impact(s): Remote Code Execution ;Information Disclosure.
Posted: July 31, 2017, 12:00 am
Multiple vulnerabilities have been identified in Fortinet FortiOS, which could be exploited by attackers to cause the following impact(s): Cross-Site Scripting ;Remote Code Execution ;Information Disclosure.
Posted: July 31, 2017, 12:00 am

Kontakt

Lernen wir uns kennen!

SOLIT INFORMATION SECURITY

59, Route du Vin
L-6841 Machtum, Luxembourg

phone (+352) 2674 5983
fax (+352) 2674 5082
info@solit.lu

Ansprechpartner: Jörg Folz

Data Privacy Policy