- Jun 9, 2013
- 6,720
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.).
The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it is already being exploited in attacks in the wild.
The vulnerability was discovered by security researcher Nikolay Ermishkin from the Mail.Ru Security Team. The ImageMagick development team was notified and pushed out a quick fix, but it was discovered to be incomplete.
Security researcher Ryan Huber stepped in to offer more details about the scope of the bug and to offer mitigation until the ImageMagick team comes up with a definitive patch (scheduled for the weekend).
Full Article. Web servers and sites under attack via ImageMagick zero-day flaw - Help Net Security
The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it is already being exploited in attacks in the wild.
The vulnerability was discovered by security researcher Nikolay Ermishkin from the Mail.Ru Security Team. The ImageMagick development team was notified and pushed out a quick fix, but it was discovered to be incomplete.
Security researcher Ryan Huber stepped in to offer more details about the scope of the bug and to offer mitigation until the ImageMagick team comes up with a definitive patch (scheduled for the weekend).
Full Article. Web servers and sites under attack via ImageMagick zero-day flaw - Help Net Security
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
