Releases PoC for exploit that affects servers

The Proof-of-concept (PoC) of an exploit was posted online over the weekend about a Ghostscript vulnerability that compromises all component-based servers.

The PoC was published by Vietnamese security researcher Nguyen The Duc in GitHub and has been confirmed to work by several leading security researchers.code php html

Ghostscript was released in 1988 and is a small library that allows applications to edit PDF documents and PostScript-based files.

Ghostscript is also used by the server, and is usually included in image conversion and file editing tools, such as the popular ImageMagick.

PoC released by Nguyen allows an attacker to upload a malicious SVG file that is supposed to go for image processing but runs malicious code on the underlying operating system.

Nguyen may have been the one who publicly released PoC, but he did not discover the vulnerability.

It was discovered by Emil Lerner CTO and founder of Wunderfund, who used the bug last year to win bug bounties from companies such as Airbnb, Dropbox and Yandex.

This is the second time that the Ghostscript project is up to date due to security vulnerabilities. In August 2018, a Google security researcher discovered several critical vulnerabilities in the Ghostscript library that Artifex (the company that developed it) failed to fix in time. However, the company released corrections two days after the security vulnerabilities were made public. The Best Technology Site in Greece
Follow us on Google News

Proof-of-concept, proof of concept ελληνικά, proof of concept example, exploit, poc, iguru,

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).