Remote code execution

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."...

Remote code execution

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."...

CVE-2014-6335

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."...

CVE-2014-6334

CVE-2014-6334 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue is a memory-handling flaw in parsing crafted Office documents that can lead to remote code execution or memory corruption/DoS. The connected OpenVAS/Nessus entries corroborate Word/Office comp...

CVE-2014-6335

CVE-2014-6335 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The root cause is improper handling of objects in memory while parsing specially crafted Office files, leading to remote code execution or memory corruption (and possible DoS). Technical details across ...

CVE-2014-6333

CVE-2014-6333 affects Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3. The issue arises when parsing specially crafted Office documents, enabling a remote attacker to execute arbitrary code in the context of the logged-in user. The connected advisories consolidate three re...

Unable to add DataDomain DDBoost repository connected over Fibre Channel

Challenge When adding DataDomain as a backup repository using DDBoost over Fibre Channel, the following error is shown: Failed to connect to 'DFC-'. --tr:Unable to initialize Data Domain connection. --tr:Failed to call DoRpc. CmdName: DDBoostCheckConnection. invalid argument. Err: 5008 Failed to...

Microsoft Office Invalid Pointer CVE-2014-6335 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...

EMET 5.1 is available

Today, we’re releasing the Enhanced Mitigation Experience Toolkit EMET 5.1 which will continue to improve your security posture by providing increased application compatibility and hardened mitigations. You can download EMET 5.1 from microsoft.com/emet or directly from here. Following is the list...

[SECURITY] Fedora 21 Update: python3-3.4.1-16.fc21

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

[SECURITY] Fedora 21 Update: slapi-nis-0.54.1-1.fc21

This package provides two plugins for Red Hat and 389 Directory Server. The NIS Server plugin allows the directory server to act as a NIS server for clients, dynamically generating and updating NIS maps according to its configuration and the contents of the DIT, and serving the results to clients...

[SECURITY] Fedora 20 Update: python-oauth2-1.5.211-8.fc20

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

[SECURITY] Fedora 19 Update: python-oauth2-1.5.211-8.fc19

Oauth2 was originally forked from Leah Culver and Andy Smith's oauth.py code. Some of the tests come from a fork by Vic Fryzel, while a revamped Request class and more tests were merged in from Mark Paschal's fork. A number of notable differences exist between this code and its forefathers: - 100...

Google Adds Hardware Security Key For Account Protection

Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designe...

Format string

Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allow remote attackers to execute arbitrary code...

Microsoft Office and Compatibility Pack Remote Code Execution Vulnerability (3000434)

This host is missing an important security update according to Microsoft Bulletin MS14-061. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

Microsoft Office Word File Processing CVE-2014-4117 Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...

Fedora 21 : mksh-50c-1.fc21 (2014-12210)

R50c is a security fix release : - Know more rare signals when generating syssigname replacement - OpenBSD sync mostly RCSID only - Document HISTSIZE limit; found by luigi345 on IRC - Fix link to Debian .mkshrc - Cease exporting $RANDOM Debian 760857 - Fix C99 compatibility - Work around klibc bu...

Fedora 20 : mksh-50c-1.fc20 (2014-12242)

R50c is a security fix release : - Know more rare signals when generating syssigname replacement - OpenBSD sync mostly RCSID only - Document HISTSIZE limit; found by luigi345 on IRC - Fix link to Debian .mkshrc - Cease exporting $RANDOM Debian 760857 - Fix C99 compatibility - Work around klibc bu...