Top 10 Favorite Vulnerabilities Hackers Exploit

0

List of Top 10 Favorite Vulnerabilities of Hackers, that they use for hacking.

In cybersecurity, vulnerability is a weakness which can be exploited by a cyber attack to gain unauthorized access to or perform unauthorized actions on a computer system. Vulnerabilities can allow attackers to run code, access a system’s memory, install malware, and steal, destroy or modify sensitive data.

To exploit a vulnerability an attacker must be able to connect to the computer system. Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security weaknesses in web applications.

List of Top 10 Best vulnerabilities used by the Hackers

Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)

Vulnerable Products:Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1

Malware: Toshliph, UWarrior

Windows SMB Remote Code Execution Vulnerability (CVE-2017-0143)

Vulnerable Products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016

Malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit

Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)

Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1

Malware: Loki, FormBook, Pony/FAREIT.

Incorrect exception handling and error-message generation during file-upload attempts in Jakarta Multipart parser in Apache Struts (CVE-2017-5638)

Vulnerable Products: Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1

Malware: JexBoss

Common or default module config issue affecting multiple subsystems in Drupal (CVE-2018-7600)

Vulnerable Products:Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1

Malware: Kitty

Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API (CVE-2017-0199)

Vulnerable Products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1

Malware: FINSPY, LATENTBOT, Dridex.

MSCOMCTL.OCX RCE Vulnerability (CVE-2012-0158)

Vulnerable Products: Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0.

Malware: Dridex

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)

Vulnerable Products: Microsoft SharePoint

Malware: China Chopper

Use-after-free vulnerability in Adobe Flash Player (CVE-2018-4878)

Vulnerable Products:Adobe Flash Player before 28.0.0.161

Malware: DOGCALL

.NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)

Vulnerable Products:Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

Malware: FINSPY, FinFisher, WingBird

However, The Microsoft Vulnerability is the most used vulnerability in the past years.

[Source: Fossbytes.com]

Share.

About Author

Be Ready for the challenge

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments