800 matches found
Microsoft Office security vulnerabilities
VBA unsafe library loading, Office for Mac weak files permissions...
CVE-2012-1854
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications VBA; and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current...
Design/Logic Flaw
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications VBA; and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current...
CVE-2012-1854
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications VBA; and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current...
CVE-2012-1854
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications VBA; and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current...
Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046; CVE-2012-1854)
A remote code execution vulnerability has been reported in Microsoft Visual Basic for Applications VBA...
VulnCheck KEV: CVE-2012-1854
Microsoft Visual Basic for Applications VBA contains an insecure library loading vulnerability that could allow for remote code execution...
ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-081 June 6, 2012 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Oracle - --...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...
CVE-2012-1849
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...
Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java GlueGen library...
Oracle Java OpenGL Arbitrary Native Library Loading Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenGL JOGL...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞
Bugtraq ID: 53046 CVE ID:CVE-2012-0883 Apache HTTP Server是一款流行的HTTP服务程序 由于不安全处理LDLIBRARYPATH,可导致在当前工作目录中搜索DSO,攻击者可以利用此漏洞以HTTPD服务上下文执行任意代码 0 Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x 厂商解决方案 Apache ----- Apache Software Foundation Apache 2.4.2已经修复此漏洞,建议用户下载使用: http://www.apache.org/...
Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.2. It is, therefore, potentially affected by an insecure library loading issue. The utility 'apachectl' can receive a zero-length directory name in the LDLIBRARYPATH via the 'envvars' file. A local...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka...
Microsoft Visual Studio Add-In Insecure Library Loading (MS12-021; CVE-2012-0008)
An elevation of privilege vulnerability has been reported in Microsoft Visual Studio...
Microsoft Windows Indeo Codec Insecure Library Loading (MS12-014; CVE-2010-3138)
A remote code execution vulnerability has been reported in Microsoft Windows...
MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
The remote host contains a version of Windows Color Control Panel that is affected by an insecure library loading vulnerability. A remote attacker could exploit this by tricking a user into opening a .camp, .cdmp, .gmmp, .icc, or .icm file in a directory that also contains a malicious 'sti.dll'...