CVE-2025-21298: Critical Zero-Click Vulnerability in Windows OLE

Overview On January 14, 2025, Microsoft disclosed CVE-2025-21298, a critical vulnerability affecting Windows OLE technology. Assigned a CVSS score of 9.8, this zero-click vulnerability enables attackers to execute arbitrary code on a victim’s system without user interaction, simply through email preview. Vulnerability Details CVE ID: CVE-2025-21298 Description: The vulnerability resides in the UtOlePresStmToContentsStm function within the ole32.dll library. This function is responsible for converting data in an “OlePres” stream into the appropriate format and inserting it into the “CONTENTS” stream within an OLE storage....

January 25, 2025 · 2 min · Anass

CVE-2024-6387: Critical Vulnerability in OpenSSH (RegreSSHion Exploit)

A critical vulnerability has been identified in OpenSSH’s server (sshd), affecting many glibc-based systems. Ironically named regreSSHion, it poses a risk of remote code execution (RCE) as root on the affected systems. Overview A critical security flaw, known as “regression” and cataloged under CVE-2024-6387, has been identified in OpenSSH. This vulnerability allows an unauthenticated attacker to execute arbitrary code and potentially obtain root access on the compromised system, Vulnerability Details CVE ID: CVE-2024-6387 Description: A signal handler race condition that allows unauthenticated Remote Code Execution (RCE) as root....

July 9, 2024 · 2 min · Anass