Weekly Awareness Report (WAR)

June 17, 2019

The Cyber Intelligence Report is an Open Source Intelligence AKA OSINT resource focusing on advanced persistent threats and other digital dangers received by over ten thousand individuals. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage. Included are clickable links to news stories, vulnerabilities, exploits, & other industry risk.

Summary

Symantec ThreatCon Low: Basic network posture

This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

Sophos: last 10 Malware

* Troj/Stealer-SL
* Troj/Stealer-SK
* Troj/Stealer-SJ
* Troj/Trickbo-RS
* Troj/HTMLDL-NE
* Troj/DownLnk-AB
* Troj/Trickbo-RR
* Troj/Godrop-I
* Troj/Stealer-SI
* Troj/Autoit-CNW

Last 10 PUAs

* Adposhel
* Remote Utilities
* Neoreklami
* Coin Miner
* Android TruthSpy
* Android Hoverwatch Spyware
* OpenCandy
* Download Assistant
* Softcnapp
* KuaiZip

Interesting News

* Platinum is back

In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities.

We are currently working on our own Cyber Forensics Linux distribution, called CSI Linux, to be released at the beginning of August. We have an active Facebook Group and YouTube Channel. Subscribe to both! As always, if you have any suggestions, feel free to let us know. If you would like to receive the CIR updates by email, subscribe at: [email protected]

Index of Sections

Current News

* Packet Storm Security

* Dark Reading

* Krebs on Security

* The Hacker News

* Infosecurity Magazine

* Threat Post

* Naked Security

* Quick Heal - Security Simplified

Hacker Corner: Tools, Hacked Defacements, and Exploits

* Security Conferences

* Packet Storm Security Latest Published Tools

* Zone-H Latest Published Website Defacements

* Packet Storm Security Latest Published Exploits

* Exploit Database Releases

Advisories

* Secunia Chart of Vulnerabilities Identified

* US-Cert (Current Activity-Alerts-Bulletins)

* Symantec's Latest List

* Packet Storm Security's Latest List

Credits

News

Packet Storm Security

* Hacker Conference Speaker Axed Over Abortion Views
* Exposed Database Dumps PII Of 1.6 Million Job Seekers
* Telegram DDoS Attack Launched Mostly From China
* U.S. Defense, Intelligence Ramps Up Efforts To Insert Malware In Russia's Grid
* Evernote Critical Flaw Opened Personal Data Of Millions To Attack
* Spirit Confirms ASCO Industries Cyberattack
* Symantec Plays Down Unreported Breach Of Test Data
* Julian Assange's Extradition Hearing Set For 2020
* 4 US Agencies Don't Properly Verify Your Data Due To The Equifax Breach
* JavaScript Template Attacks Expose New Browser Fingerprinting Vectors
* High Severity Cisco Flaw In IOS XE Enables Device Takeover
* Facebook Emails Seem To Show Zuck Knew Of Privacy Issues
* Exim Email Servers Are Now Under Attack
* EFF Asks For DOJ Efforts To Break Facebook Encryption To Be Made Public
* Radiohead Sells Recordings To Public After Hacker Attempts Extortion
* Intel Fixes Severe NUC Firmware, Web Console Vulnerabilities
* Adobe Fixes Critical Security Flaws In Flash, ColdFusion, Campaign
* Linux Command-Line Editors Vulnerable To High Severity Bug
* Tens Of Thousands Of Images Stolen In US Border Hack
* Troy Hunt Puts Have I Been Pwned Up For Sale
* FTSE 250 Firms Exposed To Possible Cyber Attacks
* Microsoft Warns Of Email Attacks Executing Code Using An Old Bug
* Emuparadise Gaming Emulator Website Suffers Data Breach
* VLC Player Gets Patched For Two High Severity Bugs
* Shanghai Jiao Tong University Exposed 8.4TB Of Email Data

Dark Reading

* Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
* The Life-Changing Magic of Tidying Up the Cloud
* Find Your Next Favorite Cybersecurity Tool at the Black Hat USA Arsenal
* 10 Notable Security Acquisitions of 2019 (So Far)
* Common Hacker Tool Hit with Hackable Vulnerability
* Better Cybersecurity Research Requires More Data Sharing
* Sensory Overload: Filtering Out Cybersecurity's Noise
* Triton Attackers Seen Scanning US Power Grid Networks
* DNS Firewalls Could Prevent Billions in Losses to Cybercrime
* Cyberattack Hits Aircraft Parts Manufacturer
* Congress Gives 'Hack Back' Legislation Another Try
* The CISO's Drive to Consolidation
* 7 Truths About BEC Scams
* Google Adds Two-Factor Authentication For Its Apps on iOS
* The Rise of 'Purple Teaming'
* Black Hat Q&A: Defending Against Cheaper, Accessible 'Deepfake' Tech
* BlueKeep RDP Vulnerability a Ticking Time Bomb
* SQL Injection Attacks Represent Two-Third of All Web App Attacks

Krebs on Security

* Microsoft Patch Tuesday, June 2019 Edition
* LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach
* Report: No 'Eternal Blue' Exploit Found in Baltimore City Ransomware
* NY Investigates Exposure of 885 Million Mortgage Documents
* Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors
* Should Failing Phish Tests Be a Fireable Offense?
* First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
* Legal Threats Make Powerful Phishing Lures
* Account Hijacking Forum OGusers Hacked
* Feds Target $100M 'GozNym' Cybercrime Network

The Hacker News

* Critical Flaw Reported in Popular Evernote Extension for Chrome Users
* Telegram Suffers 'Powerful DDoS Attack' From China During Hong Kong Protests
* Cynet Free Visibility Experience - Unmatched Insight into IT Assets and Activities
* Android's Built-in Security Key Now Works With iOS Devices For Secure Login
* When Time is of the Essence - Testing Controls Against the Latest Threats Faster
* RAMBleed Attack - Flip Bits to Steal Sensitive Data from Computer Memory
* Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities
* Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign
* New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
* Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

Security Week

* Decryptor Released for Latest GandCrab Ransomware Variants
* Push Technology Used in Mobile Attacks
* Federal Agencies Still Using Knowledge-Based Identity Verification
* Investigation and Response is a Team Sport
* U.S. Planted Powerful Malware in Russia's Power Grid: Report
* Hackers Target Recent Vulnerability in Exim Mail Server
* French Authorities Release Free Decryptor for PyLocky Ransomware
* Vulnerabilities Expose BD Infusion Therapy Devices to Attacks
* Vulnerabilities in Thunderbird Email Client Allow Code Execution
* Canadian City Loses $500,000 to Phishing Attack
* Hackers Behind 'Triton' Malware Target Electric Utilities in US, APAC
* Another World Password Day Has Passed and Little Has Changed
* New API Changes How Ad Blockers Work in Chrome
* Amid Privacy Firestorm, Facebook Curbs Research Tool
* Yubico Replacing YubiKey FIPS Devices Due to Security Issue
* New Malware Lays P2P Network on Top of IPFS
* The Active Cyber Defense Bill is Back on the Table
* Surveillance-Savvy Hong Kong Protesters Go Digitally Dark
* Converging on a Better Approach to Security
* Aircraft Parts Maker ASCO Severely Hit by Ransomware

Infosecurity Magazine

* Microsoft Urges Azure Customers to Patch Exim Worm
* Twitter Shuts Down 5000 State-Sponsored Accounts
* Europol Gamifies Cryptocurrency Crime Prevention
* US Lawmakers Hear Testimony on Concerns of Deepfakes
* Malware a Serious Threat for Industrial Orgs
* Canadian City Fell Prey to a $375K Phish
* Home Secretary Signs Assange US Extradition Request
* Millions of Email Servers at Risk from Cryptomining Worm
* MI5 Breached Surveillance Law for Years
* Employees Out of Work After ASCO Hit by Ransomware

Threat Post

* A Spate of University Breaches Highlight Email Threats in Higher Ed
* Microsoft Pushes Azure Users to Patch Linux Systems
* Ransomware: A Persistent Scourge Requiring Corporate Action Now
* ThreatList: Ransomware Trojans Picking Up Steam in 2019
* News Wrap: Amazon Privacy and Telegram DDoS Attack
* TRISIS Group, Known for Physical Destruction, Targets U.S. Electric Companies
* Amazon Alexa Secretly Records Children, Lawsuits Allege
* Millions of Linux Servers Under Worm Attack Via Exim Flaw
* Hackers Favor Weekdays for Attacks, Share Resources Often
* Evernote Critical Flaw Opened Personal Data of Millions to Attack

Naked Security

* Yubico recalls FIPS Yubikey tokens after flaw found
* Privacy foul for soccer league app that eavesdropped on users
* I'd like to add you to my professional network of people to spy on
* Widely used medical infusion pump can be remotely hijacked
* Monday review - the hot 21 stories of the week
* Critical flaw found in Evernote Web Clipper for Chrome
* Android phones can now be security keys for iOS devices
* Facebook got 187,000 users' data with snoopy VPN app
* Cop arrested following explicit chat with bogus 16yo girl
* Facebook keeps deepfake of Mark Zuckerberg

Quick Heal - Security Simplified

* The website I visited behaves weirdly. I wonder if I'm hacked?
* Beware! The padlock icon and HTTPS are no more indicators of safe website
* What makes Quick Heal's Next Generation Suite of Features a SMART choice to protect your privacy?
* APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise
* CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel
* Quick Heal supports the Windows 10 May 2019 Update
* What is Emotet?
* CVE-2019-0708 - A Critical "Wormable" Remote Code Execution Vulnerability in Windows RDP
* Miners snatching open source tools to strengthen their malevolent power!

Security Conferences

* Free 6 Month Speaking Plan Questionnaire
* Free 6 Month Speaking Plan
* How To Speak At DEF CON
* Join Our LinkedIn Group
* Upcoming Cybersecurity Conferences in the United States & Canada

Tools & Techniques

* Falco 0.15.3
* Falco 0.15.2
* Hyperion Runtime Encrypter 2.0
* HiddenWall Linux Firewall
* Zed Attack Proxy 2.8.0 Cross Platform Package
* Falco 0.15.1
* Faraday 3.8.0
* Stegano 0.9.4
* SQLMAP - Automatic SQL Injection Tool 1.3.6
* Bro Network Security Monitor 2.6.2
* CocoaDebug : iOS Debugging Tool
* GetWin : FUD Win32 Payload Generator & Listener
* Semantic : Parsing, Analysing & Comparing Source Code Across Many Languages
* KaliTorify : Transparent Proxy Through Tor For Kali Linux OS
* RustBuster : DirBuster for Rust
* Salsa Tools : ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP & AV Bypass, AMSI Patched
* Bonesi : Tool For DDoS Botnet Simulator
* Intensio Obfuscator : Obfuscate A Python Code 2.x & 3.x
* PhoneInfoga : Advanced Information Gathering & OSINT Tool For Phone Numbers
* Yaazhini - Free Android APK & API Vulnerability Scanner

Latest Zone-H Website Defacements

Proof of Concept (PoC) & Exploits

Packet Storm Security

* Exim 4.91 Local Privilege Escalation
* Netperf 2.6.0 Buffer Overflow
* AROX School-ERP Pro Unauthenticated Remote Code Execution
* HC10 HC.Server Service 10.14 Remote Invalid Pointer Write
* Microsoft Word (2016) Deceptive File Reference
* Spring Security OAuth 2.3 Open Redirection
* Microsoft Windows UAC Protection Bypass
* RedwoodHQ 2.5.5 Authentication Bypass
* Clever Dog Smart Camera DOG-2W / DOG-2W-V4 File Disclosure / Backdoor
* Java Card Proof Of Concepts
* Thunderbird libical Type Confusion
* Thunderbird libical Stack Buffer Overflow
* Thunderbird libical icalparser.c Heap Overflow
* Thunderbird libical Heap Overflow
* CentOS 7.6 ptrace_scope Privilege Escalation
* Aida64 6.00.5100 SEH Buffer Overflow
* Tzumi Electronics Klic Lock Authentication Bypass
* WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
* APCUPSD Information Leak
* Pronestor Health Monitoring Privilege Escalation
* Sitecore 8.x Deserialization Remote Code Execution
* WebLord WL-Nuke Coppermine For PHP-Nuke 1.3.1c SQL Injection

Exploit Database

* [local] Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
* [papers] Active Directory Enumeration with PowerShell
* [local] CentOS 7.6 - 'ptrace_scope' Privilege Escalation
* [local] Pronestor Health Monitoring
* [webapps] Sitecore 8.x - Deserialization Remote Code Execution
* [papers] LDAP Swiss Army Knife
* [webapps] FusionPBX 4.4.3 - Remote Command Execution
* [remote] Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
* [webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
* [webapps] phpMyAdmin 4.8 - Cross-Site Request Forgery
* [webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
* [local] ProShow 9.0.3797 - Local Privilege Escalation
* [shellcode] Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
* [local] Ubuntu 18.04 - 'lxd' Privilege Escalation
* [webapps] UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
* [local] Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
* [shellcode] Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
* [remote] Exim 4.87

Advisories

US-Cert Alerts & bulletins

* AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
* AA19-122A: New Exploits for Unsecure SAP Systems
* SB19-161: Vulnerability Summary for the Week of June 3, 2019
* SB19-154: Vulnerability Summary for the Week of May 27, 2019

Symantec - Latest List

* Microsoft Windows CVE-2019-1064 Local Privilege Escalation Vulnerability
* Microsoft Windows Shell CVE-2019-1053 Local Privilege Escalation Vulnerability
* Microsoft Windows Installer CVE-2019-0973 DLL Loading Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0711 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0710 Denial of Service Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0713 Remote Denial of Service Vulnerability
* Microsoft Windows Audio Service CVE-2019-1007 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1028 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1027 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1026 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1022 Local Privilege Escalation Vulnerability
* Microsoft Windows Audio Service CVE-2019-1021 Local Privilege Escalation Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0709 Remote Code Execution Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0722 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-0977 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-0968 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1050 Information Disclosure Vulnerability
* Microsoft Windows Hyper-V CVE-2019-0620 Remote Code Execution Vulnerability
* Microsoft Windows GDI Component CVE-2019-1049 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1048 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1047 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1046 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1016 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1015 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1013 Information Disclosure Vulnerability
* Microsoft Windows GDI Component CVE-2019-1012 Information Disclosure Vulnerability

Packet Storm Security - Latest List

Ubuntu Security Notice USN-3991-3
Ubuntu Security Notice 3991-3 - USN-3991-1 fixed vulnerabilities in Firefox, and USN-3991-2 fixed a subsequent regression. The update caused an additional regression that resulted in Firefox failing to load correctly after executing it in safe mode. This update fixes the problem. Various other issues were also addressed.

Red Hat Security Advisory 2019-1492-01
Red Hat Security Advisory 2019-1492-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A connection rate limiting control vulnerability has been addressed.

Red Hat Security Advisory 2019-1477-01
Red Hat Security Advisory 2019-1477-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 75.0.3770.80. Issues addressed include buffer overflow and bypass vulnerabilities.

Red Hat Security Advisory 2019-1476-01
Red Hat Security Advisory 2019-1476-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.207. Issues addressed include a code execution vulnerability.

Debian Security Advisory 4463-1
Debian Linux Security Advisory 4463-1 - Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).

Dell EMC Avamar ADMe Web UI 1.0.50 / 1.0.51 Local File Inclusion
Dell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.

Gemalto Java Card SE-2019-01 Issue 34
This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.

Gemalto Java Card SE-2019-01 Issues 19 And 33
This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.

Oracle Java Card SE-2019-01 Issues 26-32
This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.

Oracle Java Card SE-2019-01 Issues 20-25
This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.

Oracle Java Card SE-2019-01 Issues 1-18
This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.

Debian Security Advisory 4462-1
Debian Linux Security Advisory 4462-1 - Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system. The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack. A local attacker could take advantage of this flaw to bypass authentication and connect to a DBusServer with elevated privileges.

Slackware Security Advisory - mozilla-thunderbird Updates
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

Red Hat Security Advisory 2019-1467-01
Red Hat Security Advisory 2019-1467-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an information leakage vulnerability.

Debian Security Advisory 4461-1
Debian Linux Security Advisory 4461-1 - Harrison Neil discovered that the getACL() command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure.

Ubuntu Security Notice USN-4015-2
Ubuntu Security Notice 4015-2 - USN-4015-1 fixed a vulnerability in DBus. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that DBus incorrectly handled DBUS_COOKIE_SHA1 authentication. A local attacker could possibly use this issue to bypass authentication and connect to DBus servers with elevated privileges. Various other issues were also addressed.

Debian Security Advisory 4460-1
Debian Linux Security Advisory 4460-1 - Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.

Ubuntu Security Notice USN-4016-2
Ubuntu Security Notice 4016-2 - It was discovered that Neovim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

Debian Security Advisory 4459-1
Debian Linux Security Advisory 4459-1 - Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed.

Red Hat Security Advisory 2019-1455-01
Red Hat Security Advisory 2019-1455-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a CPU related vulnerability.

Ubuntu Security Notice USN-4014-2
Ubuntu Security Notice 4014-2 - USN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

Red Hat Security Advisory 2019-1436-01
Red Hat Security Advisory 2019-1436-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2019-1429-01
Red Hat Security Advisory 2019-1429-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-4016-1
Ubuntu Security Notice 4016-1 - It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.