Ad Server Patched to Stop Possible Malware Distribution

[silversurfer]

The open-source advertising platform Revive Adserver is urging customers to patch two vulnerabilities, one of which is critical and may have been exploited to allow hackers to deliver malware to third-party websites. 
 
Revive Adserver, formerly known as OpenX Source, is a free, open-source ad server, used by publishers, advertiser, ad agencies and ad networks to run and manage online ad campaigns. It urged all its customers last week to update to a new 4.2.0 version of its software, providing few details. On Monday, the company publicly disclosed more information regarding the two bugs.
 
One of the bugs is rated critical, with a CVSS score of 10, and classified as a “deserialization of untrusted data” vulnerability. This is a type of bug that occurs when untrusted data is used to abuse the logic of an application to trigger a denial-of-service attack, or execute arbitrary code upon it being deserialized, according to the description.
 
“It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites,” the bulletin added.

SOURCE: https://threatpost.com/ad-server-patched...on/144280/