Published Vulnerabilities


Sparkasse Safe - Two Functions One Token to Go

Bypassing using Exchange of Session Credentials

In recent weeks, a new application has been released at the Sparkasse in Germany: the "secure safe", a storage unit for documents and data. Development of the application was coordinated by the financial information department.

The application in online banking allows confidential and personal documents to be stored securely and easily. Because access is linked to online banking, customers have flexible access to all their own documents and data. There are currently various offers for online banking customers with suitable storage space at a relatively low price. Since some of our team members also use the Sparkasse application, we thought we would have a look at it.


Microsoft Windows 2012 R2 (x64) - (MMC) Local DoS Vulnerability

Pointer Issue crashes local mmc.exe process on Microsoft Windows 2012 R2 x64

During a test on a staging system that was freshly set up with a Windows 2012 R2 release, the researcher of the Vulnerability Lab identified a serious local denial of service vulnerability that affects different other Microsoft processes or security mechanisms.

Windows 2012 R2 has a basic firewall in which it is possible to set up a specific rule set. Defining a block policy for IPs (above 200) can result in a corruption of the Windows mmc.exe (Microsoft Management Console). As a result, the current snapshot of the session is corrupted, which leads to a simple but stable application crash. The issue occurs in the kernelbase dynamic link library because the counted IP items in the list return with a null pointer.

