The vulnerability of the Microsoft Office software allows a malicious attacker to execute arbitrary code with privileges of the current user.

Microsoft Office software vulnerabilities, related to errors in processing specially crafted files. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code with privileges of the current user...

The vulnerability of the Microsoft Word Viewer allows a malicious attacker to execute arbitrary code with the privileges of the current user.

A vulnerability in the Microsoft Word Viewer software exists, related to errors in processing specially crafted files. Exploiting this vulnerability allows a malicious attacker to execute arbitrary code with privileges of the current user...

The vulnerability of the Microsoft Office software allows a malicious attacker to execute arbitrary code with privileges of the current user.

Microsoft Office software vulnerabilities, related to errors in processing specially crafted files. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code with privileges of the current user...

The vulnerability of the Microsoft Office Web Apps package allows a remote attacker to execute arbitrary code with privileges of the current user.

The vulnerability of the Office Web Apps Server package, related to errors in processing specially crafted files, allows a malicious actor to execute arbitrary code with the privileges of the current user...

Foxit Reader Pattern Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF...

Foxit Reader ConvertToPDF BMP Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ConvertToPDF...

Slackware 14.0 / 14.1 / current : php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-176-01. The text itself is copyright C...

Microsoft Edge JavaScript filter Method Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementatio...

Microsoft Edge Chakra JavaScript Scripting Engine Memory Corruption Vulnerability

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system.Chakra JavaScript engine is a JavaScript engine component used by Edge web browser. A memory corruption vulnerability exists in the way the Chakra JavaScript engine us...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04055)

Microsoft Internet Explorer IE is a Web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.JScript is one of the interpreted object-based scripting languages; VBScript Visual Basic Script is one of the scripting languages, and is also the defau...

Microsoft Office Memory Corruption Vulnerability (CNVD-2016-04049)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office, which arises from the program's failure to...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-04053)

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in Microsoft IE versions 9 through 11, which arises when the program fails to properly...

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04052)

Microsoft Internet Explorer IE is a Web browser developed by Microsoft, and is the default browser that comes with the Windows operating system.JScript is one of the interpreted object-based scripting languages; VBScript Visual Basic Script is one of the scripting languages, and is also the defau...

Microsoft Internet Explorer XSS Filter Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A remote code execution vulnerability exists in the XSS filter of Microsoft IE versions 9 through 11, which stems from the program's...

Microsoft Office Memory Corruption Vulnerability (CNVD-2016-04050)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office, which arises from the program's failure to...

The vulnerability of the multimedia player iTunes, which allows a user to elevate their privileges

The vulnerability of the iTunes multimedia player installation program is related to the use of an unreliable search path. Exploiting this vulnerability allows a local attacker to enhance their privileges by using a Trojan DLL in the current working directory...

Adobe Flash TextBlock releaseLineCreationData Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextBlock object...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mozilla-thunderbird-45.1.1-i486-1slack14.1.txz: Upgraded. This release contains security fixes and improvements. For more...

Apple iTunes < 12.4 DLL Injection Arbitrary Code Execution (uncredentialed check)

The version of Apple iTunes running on the remote Windows host is prior to 12.4. It is, therefore, affected by a DLL Dynamic Link Library injection vulnerability in the setup component that is triggered when running the installer from an untrusted directory. An attacker can exploit this...

Apple iTunes < 12.4 DLL Injection Arbitrary Code Execution (credentialed check)

The version of Apple iTunes installed on the remote Windows host is prior to 12.4. It is, therefore, affected by a DLL Dynamic Link Library injection vulnerability in the setup component that is triggered when running the installer from an untrusted directory. An attacker can exploit this...