News

• Rapid7 Source Code, Alert Data Accessed In Codecov Supply Chain Attack
• DarkSide Explained: The Ransomware Group Behind The Attack
• US Fuel Pipeline Paid Hackers $5 Million In Ransom
• Toshiba Unit Hacked By DarkSide
• Tesla Stops Accepting Bitcoin Due To Fossil Fuel Use
• US Petrol Supplies Tighten After Colonial Pipeline Hack
• Hacker Manipulates Apple's Find My Network For Data Exfiltration
• FACT SHEET: President Signs Executive Order Charting New Course To Improve The Nation's Cybersecurity And Protect Federal Government Networks
• Hackers Leverage Adobe Zero Day Bug Impacting Adobe Reader
• CISA Warns Over FiveHands File-Encrypting Malware Variant
• Washington DC Police Allegedly Offered $100k To Hackers To Stop Leak
• AWS Configuration Issues Lead To Exposure Of 5 Million Records
• Vulnerability Attacks Weakness In Microsoft Azure VM Extensions
• Colonial Pipeline Ransomware Attack: Everything You Need To Know
• Lemon Duck Cryptojacking Botnet Changes Up Tactics
• Finance Giant Plaid Paid People $500 For Their Employer Payroll Logins
• Major U.S. Pipeline Crippled In Ransomware Attack
• Justice Department Quietly Seized Washington Post Reporters' Phone Records During Trump Era
• Amazon Seized, Destroyed Two Million Fake Products In 2020
• Group Pleads Guilty To Running Bulletproof Hosting Service
• Biggest ISPs Paid For 8.5 Million Fake FCC Comments Opposing Net Neutrality
• Ryuk Ransomware Attack Sprung By Frugal Student
• New Moriya Rootkit Stealthily Backdoors Windows
• Critical Cisco Bugs Threaten Corporate Networks
• Your Own Phone Number Can Be Used To Hack You, Study Finds

• CIS Podcast: Cybersecurity Where You Are Ep.7 Fri, 14 May 2021 20:31:05 +0000
  

  CIS Controls v8…It’s Not About the List Part 1 of a 2-part series on the CIS Controls v8 update In this edition of Cybersecurity Where You Are, host and CIS Senior Vice President and Chief Evangelist, Tony Sager welcomes guests Randy Marchany and Phyllis Lee. Marchany is the Chief Information Security Officer (CISO) at Virginia […]

  The post CIS Podcast: Cybersecurity Where You Are Ep.7 appeared first on CIS.

Looking Glass Cyber

• Global Strategist H.P. Goldfield Joins LookingGlass Advisory Board
• LookingGlass Hires Norm Laudermilch as First Chief Cyber Officer
• Former DARPA Director Coleman Joins LookingGlass Advisory Board
• Cybersecurity Leader Gus Hunt Joins LookingGlass Advisory Board
• Cybersecurity Expert Melissa Hathaway Joins LookingGlass Advisory Board
• Former FBI Cyber Division Chief James Trainor Joins LookingGlass Advisory Board
• Military Intelligence Leader Lt. Gen. James Clapper Joins LookingGlass Advisory Board
• LookingGlass Welcomes Business Executive Dana Mariano as Chief Financial Officer
• Cybersecurity experts fear SolarWinds’ hack leads to larger attack on unprepared U.S.
• Cybersecurity Executive Bryan S. Ware Joins LookingGlass Advisory Board

Malware Patrol

• InfoSec Articles (04/26/21 – 05/10/21)
• InfoSec Articles (04/12/21 – 04/26/21)

SecList

• Ransomware world in 2021: who, how and why
  In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized.

securingtomorrow.mcafee.com

• Don’t Sweat Your Security: How to Safely Incorporate IoT Into Your Fitness Routine
• DarkSide Ransomware Victims Sold Short
• 3 Tips to a Holistic Online Security Approach
• Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit
• What the MITRE Engenuity ATT&CK® Evaluations Means to SOC Teams
• 5 Ways to Protect Your Online Privacy
• Cloud Native Security Approach Comparisons
• “Fool’s Gold”: Questionable Vaccines, Bogus Results, and Forged Cards
• Seeking Reconnection: Internet Usage and the Return to Travel
• Gartner names McAfee a Leader in 2021 Magic Quadrant for Endpoint Protection Platforms
• More Apps for Younger Users Emerging. Here’s What Parents Need to Know.

Quick Heal

• Can I keep using WhatsApp without accepting their privacy policies?
• Ficker – An Info-Stealer Malware that tricks people to get their passwords
• Beware! Hackers target users with fake COVID-19 vaccine registration app
• Alert! Wormable Android malware is spreading through social media applications
• Malicious malware impacting reviews and ratings of application
• Cyber threats against Macs are increasing! Are you prepared?
• The risks of downloading apps from unauthorized app stores
• Zloader: Entailing Different Office Files
• Data of 21 Million VPN users breached
• Hacker sabotage: Are they now going for your car?

Threat Post

• FIN7 Backdoor Masquerades as Ethical Hacking Tool
• DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
• ‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
• Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
• Ransomware’s New Swindle: Triple Extortion
• How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
• Colonial Pipeline Shells Out $5M in Extortion Payout, Report
• Ransomware Going for $4K on the Cyber-Underground
• Beyond MFA: Rethinking the Authentication Key
• Fresh Loader Targets Aviation Victims with Spy RATs

Naked Security

• Apple AirTag hacked again – free internet with no mobile data plan!
• Gamers beware! Crooks take advantage of MSI download outage…
• S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
• Beware fake online trading apps, on iOS as well as Android
• Apple AirTag jailbroken already – hacked in rickroll attack
• Never say never! Warren Buffett caught up in integer overflow error…
• S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]
• Firefox for Android gets critical update to block cookie-stealing hole
• Dell fixes exploitable holes in its own firmware update driver – patch now!
• Apple products hit by fourfecta of zero-day exploits – patch now!

Security Affairs

• European police dismantle major online investment fraud ring that causes €30 Million in losses
• Major hacking forums XSS and Exploit ban ads from ransomware gangs
• QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks
• Scheme flooding fingerprint technique may deanonymize Tor users
• Darkside gang lost control of their servers and funds
• Magecart gang hides PHP-based web shells in favicons
• Ireland’s Health Service Executive hit by ransomware attack
• Colonial Pipeline likely paid a $5M ransom to DarkSide
• Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack
• Security at Bay: Critical Infrastructure Under Attack

Security Awareness Tips of the week

• Personalized Scams
• Identity Theft
• You Are a Target
• Virtual Private Networks
• Patch and Update

Exploits

• Chrome Array Transfer Bypass
• Student Management System 1.0 Cross Site Scripting
• Podcast Generator 3.1 Cross Site Scripting
• Chamilo LMS 1.11.14 Remote Code Execution
• Internet Explorer jscript9.dll Memory Corruption
• Firefox 72 IonMonkey JIT Type Confusion
• ScadaBR 1.0 / 1.1CE Windows Shell Upload
• Microsoft Internet Explorer 8/11 Use-After-Free
• ScadaBR 1.0 / 1.1CE Linux Shell Upload
• OpenPLC WebServer 3 Remote Code Execution
• Dental Clinic Appointment Reservation System 1.0 SQL Injection
• ZeroShell 3.9.0 Remote Command Execution
• Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
• ExifTool DjVu ANT Perl Injection
• Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
• Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
• Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
• Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
• Chevereto 3.17.1 Cross Site Scripting
• Android NFC nfa_rw_sys_disable Type Confusion
• Splinterware System Scheduler Professional 5.30 Privilege Escalation
• Odoo 12.0.20190101 Unquoted Service Path
• Customer Relationship Management (CRM) System 1.0 Shell Upload
• Customer Relationship Management (CRM) System 1.0 Cross Site Scripting
• Customer Relationship Management (CRM) System 1.0 SQL Injection

• [webapps] Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
• [webapps] Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
• [webapps] Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated)
• [local] Firefox 72 IonMonkey - JIT Type Confusion
• [local] Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free
• [webapps] ZeroShell 3.9.0 - Remote Command Execution
• [webapps] Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
• [webapps] Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
• [webapps] Chevereto 3.17.1 - Cross Site Scripting (Stored)
• [local] Splinterware System Scheduler Professional 5.30 - Privilege Escalation
• [local] Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
• [webapps] Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
• [webapps] Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
• [webapps] PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
• [local] TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
• [local] BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
• [local] DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
• [webapps] PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
• [local] Epic Games Rocket League 1.95 - Stack Buffer Overrun
• [webapps] Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
• [webapps] Voting System 1.0 - Remote Code Execution (Unauthenticated)
• [local] WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
• [dos] Sandboxie 5.49.7 - Denial of Service (PoC)
• [webapps] Voting System 1.0 - Authentication Bypass (SQLI)
• [local] Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
• [local] Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
• [webapps] b2evolution 7-2-2 - 'cf_name' SQL Injection
• [webapps] Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
• [webapps] Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
• [webapps] Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
• [webapps] Anote 1.0 - XSS to RCE
• [webapps] Markdownify 1.2.0 - XSS to RCE
• [webapps] Markright 1.0 - XSS to RCE
• [webapps] Freeter 1.2.1 - XSS to RCE
• [webapps] StudyMD 0.3.2 - XSS to RCE
• [webapps] Marky 0.0.1 - XSS to RCE
• [webapps] Moeditor 0.2.0 - XSS to RCE
• [webapps] SnipCommand 0.1.0 - XSS to RCE
• [webapps] Tagstoo 2.0.1 - Stored XSS to RCE
• [webapps] Xmind 2020 - XSS to RCE
• [webapps] Markdown Explorer 0.1.1 - XSS to RCE
• [webapps] Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
• [webapps] Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
• [webapps] GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
• [webapps] GitLab Community Edition (CE) 13.10.3 - User Enumeration
• [webapps] Piwigo 11.3.0 - 'language' SQL

Last 20 Website Defacements - Zone-h

• http://camaradeguapimirim.rj.gov.br/xxx.htm
• https://aps.gov.af/readme.htm
• https://www.pm.pa.gov.br
• http://dkp.jabarprov.go.id
• http://disperindag.jabarprov.go.id
• http://diskes.jabarprov.go.id
• https://elcarmen.inah.gob.mx/4u.txt
• https://dimensionantropologica.inah.gob.mx/4u.txt
• https://fototeca-crv.inah.gob.mx/4u.txt
• http://territorioarqueologico.inah.gob.mx/4u.txt
• http://chichenitza.inah.gob.mx/4u.txt
• https://geoportal.inah.gob.mx/4u.txt
• https://radio.inah.gob.mx/4u.txt
• https://intranet.inah.gob.mx/4u.txt
• https://etnohistoria.inah.gob.mx/4u.txt
• https://plasnica.gov.mk/shell.txt
• https://crediton.gov.uk/H373.txt
• https://parliament.gov.mw
• http://www.phafaek.go.th
• https://kppolice.gov.pk

Advisories

Symantec Packet Stoem Security

• Ubuntu Security Notice USN-4954-1 Fri, 14 May 2021 13:49:42 GMT
  Ubuntu Security Notice 4954-1 - Jason Royes and Samuel Dytrych discovered that the memcpy implementation for 32 bit ARM processors in the GNU C Library contained an integer underflow vulnerability. An attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the POSIX regex implementation in the GNU C Library did not properly parse alternatives. An attacker could use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4953-1 Fri, 14 May 2021 13:45:02 GMT
  Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.
• Red Hat Security Advisory 2021-1560-01 Fri, 14 May 2021 13:43:47 GMT
  Red Hat Security Advisory 2021-1560-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.4 serves as a replacement for Red Hat AMQ Streams 1.6.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a resource exhaustion vulnerability.
• Ubuntu Security Notice USN-4952-1 Thu, 13 May 2021 15:04:02 GMT
  Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
• Ubuntu Security Notice USN-4932-2 Thu, 13 May 2021 15:02:27 GMT
  Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.
• Red Hat Security Advisory 2021-1547-01 Wed, 12 May 2021 13:53:06 GMT
  Red Hat Security Advisory 2021-1547-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.
• Red Hat Security Advisory 2021-1546-01 Wed, 12 May 2021 13:52:59 GMT
  Red Hat Security Advisory 2021-1546-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.
• Ubuntu Security Notice USN-4951-1 Wed, 12 May 2021 13:52:53 GMT
  Ubuntu Security Notice 4951-1 - Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.
• Ubuntu Security Notice USN-4949-1 Wed, 12 May 2021 13:52:46 GMT
  Ubuntu Security Notice 4949-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4948-1 Wed, 12 May 2021 13:52:40 GMT
  Ubuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
• Ubuntu Security Notice USN-4950-1 Wed, 12 May 2021 13:52:34 GMT
  Ubuntu Security Notice 4950-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
• Red Hat Security Advisory 2021-1544-01 Wed, 12 May 2021 13:52:28 GMT
  Red Hat Security Advisory 2021-1544-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
• Red Hat Security Advisory 2021-1540-01 Wed, 12 May 2021 13:52:22 GMT
  Red Hat Security Advisory 2021-1540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.
• Red Hat Security Advisory 2021-1538-01 Wed, 12 May 2021 13:51:11 GMT
  Red Hat Security Advisory 2021-1538-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.
• Ubuntu Security Notice USN-4947-1 Wed, 12 May 2021 13:51:05 GMT
  Ubuntu Security Notice 4947-1 - Kiyin discovered that the x25 implementation in the Linux kernel contained overflows when handling addresses from user space. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the fastrpc driver in the Linux kernel did not prevent user space applications from sending kernel RPC messages. A local attacker could possibly use this to gain elevated privileges. Various other issues were also addressed.
• Ubuntu Security Notice USN-4946-1 Wed, 12 May 2021 13:50:51 GMT
  Ubuntu Security Notice 4946-1 - It was discovered that the DRM subsystem in the Linux kernel contained double-free vulnerabilities. A privileged attacker could possibly use this to cause a denial of service or possibly execute arbitrary code. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schoenherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4945-1 Wed, 12 May 2021 13:50:45 GMT
  Ubuntu Security Notice 4945-1 - It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service. Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.
• Ubuntu Security Notice USN-4944-1 Tue, 11 May 2021 21:45:57 GMT
  Ubuntu Security Notice 4944-1 - This update fixed multiple vulnerabilities in MariaDB. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.48. Ubuntu 20.04 LTS has been updated to MariaDB 10.3.29. Ubuntu 20.10 has been updated to MariaDB 10.3.29. Ubuntu 21.04 has been updated to MariaDB 10.5.10.
• MikroTik RouterOS Memory Corruption Tue, 11 May 2021 21:38:05 GMT
  MikroTik's RouterOS suffers from multiple memory corruption vulnerabilities. Various versions are affected.
• Red Hat Security Advisory 2021-1532-01 Tue, 11 May 2021 15:20:42 GMT
  Red Hat Security Advisory 2021-1532-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
• Red Hat Security Advisory 2021-1531-01 Tue, 11 May 2021 15:20:32 GMT
  Red Hat Security Advisory 2021-1531-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and out of bounds write vulnerabilities.
• Ubuntu Security Notice USN-4943-1 Tue, 11 May 2021 15:20:25 GMT
  Ubuntu Security Notice 4943-1 - Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue affected only affected Ubuntu 20.10. It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. This issue only affected Ubuntu 20.10. Various other issues were also addressed.
• Ubuntu Security Notice USN-4942-1 Tue, 11 May 2021 15:20:19 GMT
  Ubuntu Security Notice 4942-1 - A race condition was discovered in Web Render Components. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code.
• Ubuntu Security Notice USN-4941-1 Tue, 11 May 2021 15:20:01 GMT
  Ubuntu Security Notice 4941-1 - It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain images. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Various other issues were also addressed.
• Ubuntu Security Notice USN-4940-1 Mon, 10 May 2021 19:09:33 GMT
  Ubuntu Security Notice 4940-1 - It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute arbitrary code.