41 matches found
Security Vulnerabilities fixed in Firefox ESR 78.1 — Mozilla
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is...
JVN#69181574: Windows 7 may insecurely load Dynamic Link Libraries
In standard DLL files provided by Windows 7, there are some DLL files read from the same directory where the program resides when executing the program CWE-427. Microsoft states that the root cause of this vulnerability is "Application Directory App Dir DLL planting" , thus there is no plan to...
The installers of multiple Logicool software programs may insecurely load Dynamic Link Libraries
Overview The installers of multiple software programs provided by Logicool Co. Ltd contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427 . Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinat...
KLA11237 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An unsafe DLL loading...
Cisco FindIT Network Discovery Utility Code Execution Vulnerability
Cisco FindIT Network Discovery Utility is a network device manager from Cisco USA. The product provides management functions for Cisco network devices. A security vulnerability exists in the Cisco FindIT Network Discovery Utility. A local attacker can exploit this vulnerability by placing an...
Installer of "Remote Support Tool (Enkaku Support Tool)" may insecurely load Dynamic Link Libraries
Overview Installer of "Remote Support Tool Enkaku Support Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION and NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili...
Code injection
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."...
CVE-2017-0197
CVE-2017-0197 affects Microsoft OneNote 2007 SP3 and OneNote 2010 SP2. A DLL loading remote code execution vulnerability exists: an attacker can cause arbitrary code execution by convincing a user to open a specially crafted OneNote document. The issue is triggered by improper DLL loading validat...
VMSA-2017-0003:VMware Workstation update addresses multiple security issues
VMSA-2017-0003 VMware Workstation update addresses multiple security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0003 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Workstation update addresses multiple security issues...
Rapid7 Metasploit Pro DLL Loading Remote Code Execution Vulnerability
Metasploit Pro is a powerful guided penetration testing platform. A DLL loading remote code execution vulnerability exists in Rapid7 Metasploit Pro prior version 4.13.0-2017022101, which can be exploited by a remote attacker to execute arbitrary code in the context of an affected application...
Remote code execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2016-00282)
Microsoft Windows is a series of operating systems designed for personal computer and server users from the American company Microsoft. Microsoft Windows fails to properly load DLL files, allowing attackers to exploit the vulnerability to build special files that can be tricked into parsing and...
Corel PDF Fusion <= 1.14 Arbitrary Code Execution Vulnerability - Windows
Corel PDF Fusion is prone to an arbitrary code execution vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
VideoStudio Pro X7 'u32ZLib.dll' DLL Loading Arbitrary Code Execution Vulnerability
VideoStudio Pro X7 is a video editing software. An arbitrary code execution vulnerability exists in VideoStudio Pro X7 'u32ZLib.dll' DLL loading due to VideoStudio Pro X7 failing to properly load the "u32ZLib.dll" file. This allows an attacker to construct a malicious DLL file to load arbitrary...
SAP GUI DLL Loading Arbitrary Code Execution (Note 1511179)
The remote host is running a version of SAP GUI that reportedly insecurely looks in its current working directory when resolving DLLs such as 'MFC80LOC.DLL' and 'MFC80RUS.DLL'. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72211; scriptversion"1.4";...
Mozilla Thunderbird ESR 17.x < 17.0.5 Multiple Vulnerabilities
The installed version of Thunderbird ESR 17.x is earlier than 17.0.5 and is, therefore, potentially affected the following vulnerabilities: - Various memory safety issues exist. CVE-2013-0788 - An out-of-bounds memory read error exists related to 'CERTDecodeCertPackage' and certificate decoding...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Code injection
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...
CVE-2009-3954
CVE-2009-3954 refers to a DLL-loading vulnerability in the 3D implementation of Adobe Reader/Acrobat. Affected products span Adobe Reader/Acrobat 9.x prior to 9.3 and 8.x prior to 8.2 on Windows and macOS. The root cause is a DLL-loading issue in the 3D component that could allow arbitrary code e...
CVE-2009-3954
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...