The Most Frequently Exploited Vulnerabilities

In a continuously growing internet environment, new threats are emerged every day. There are many different types of these threats, and security vulnerabilities, which are perhaps the most important ones, are increasing day after day. NVD (National Vulnerability Database), which is one of the most popular vulnerability databases, currently has more than 148000 registered vulnerabilities.

What is a Vulnerability? Why Does It Occur?

Vulnerability is a name given to a weakness in a software that can be exploited by an attacker for his/her own benefit. These vulnerabilities are used to target the host where the software is installed, and as a result of a successful attack, attackers have access to the host’s main memory and storage. That way, an environment is prepared for the installation of malicious software, information theft and information change. There are many reasons why vulnerabilities occur. The complexity and large of a system, make it prone to incorrect coding. Therefore, bugs are more common in larger software. Using well-known software increases familiarity with that code. Therefore, an attacker can easily find a vulnerability in a code they already know. As a software’s dependency to the internet increases, the number of its vulnerabilities also increases. Not checking user input can also cause vulnerabilities. To summarize briefly, coding and installation -configuration- errors are the main causes of vulnerabilities.

The Most Commonly Used Vulnerabilities by Attackers

Records are collected in vulnerability databases as vulnerabilities and their information emerge. According to the information obtained from these databases and cyber security research, the most commonly used vulnerabilities in 2020 are listed as follows:

 

CVE-2017-11882 (Microsoft Office Memory Corruption Vulnerability)

This vulnerability, which was published on NVD on November 14, 2017, is a vulnerability that emerged in Microsoft Office products. The vulnerability, by causing a corruption in the machine’s memory, allows the attacker to execute malicious code.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2017-11882

CVE-2017-0199 (Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API)

This vulnerability, which was published on NVD on April 12, 2017, is a vulnerability that emerged in Microsoft Office and Windows products. The vulnerability allows attackers to execute code through a maliciously crafted document.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2017-0199

CVE-2017-5638

This vulnerability, published on NVD on March 10, 2017, is a vulnerability in the Jakarta Multipart parser of Apache Struts products. Through the vulnerability, attackers can run commands on the machine using an HTTP header. 

CVE : https://nvd.nist.gov/vuln/detail/CVE-2017-5638

CVE-2012-0158 (MSCOMCTL.OCX RCE Vulnerability)

This vulnerability, which was published on NVD on April 10, 2012, is a vulnerability that emerged in Microsoft products. Attackers who want to exploit the vulnerability can run code by corrupting the system state through a malicious web page, Office document or RTF document.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2012-0158

CVE-2019-0604 (Microsoft SharePoint Remote Code Execution Vulnerability)

This vulnerability, which was published on NVD on April 10, 2012, is a vulnerability that emerged in Microsoft products. Attackers who want to exploit the vulnerability can run code by corrupting the system state through a malicious web page, Office document or RTF document.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2019-0604

CVE-2017-0143 (EternalBlue)

This vulnerability, published on NVD on March 16, 2017, is a vulnerability that emerged in Microsoft Windows products. It allows attackers to run code remotely through packages prepared by them.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2017-0143

CVE-2018-4878

This vulnerability, published on NVD on February 6, 2018, is a vulnerability in the Adobe Flash Player product. It allows the attacker to run code on the system after a successful attack.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2018-4878

CVE-2017-8759 (.NET Framework Remote Code Execution Vulnerability)

This vulnerability, published on NVD on September 12, 2017, is a vulnerability in the Microsoft .NET Framework product. It allows the attacker to run commands on the machine through a malicious document or program.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2017-8759

CVE-2015-1641 (Microsoft Office Memory Corruption Vulnerability)

This vulnerability, published on NVD on April 14, 2015, is a vulnerability that emerged in Microsoft Office products. It allows attackers to execute code remotely through a malicious RTF document.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2015-1641

CVE-2018-7600

This vulnerability, published on NVD on March 29, 2018, is a vulnerability in the Drupal product. It allows attackers to run malicious code remotely on machines with default configuration.

CVE : https://nvd.nist.gov/vuln/detail/CVE-2018-7600

Why SwordEye For Vulnerability Monitoring?

SwordEye Attack Surface Mapping gives your organization risk scores by monitoring your digital assets and external threats without the need of any configuration. Software Patching category and the applications belonging to all your assets are monitored 24/7 with a risk algorithm. The CVEs of your applications are extracted. That way, you will continue to use your applications in up-to-date and secure way. It is possible to monitor the vulnerabilities discovered on your system currently, without the need for installation with SwordEye.

 

 

 

 

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.