Remote code execution

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71412)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows and Windows Server. The vulnerability ste...

Microsoft .NET Framework Multiple Vulnerabilities (KB4578974)

This host is missing a critical security update according to Microsoft KB4578974 Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Description of the security update for SharePoint Enterprise Server 2013: October 13, 2020

Description of the security update for SharePoint Enterprise Server 2013: October 13, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Excel software if the software does not correctly handle objects in memory. To learn more about the...

PT-2020-4307 · Microsoft · Windows Network Connections +1

Name of the Vulnerable Software and Affected Versions: Windows Network Connections affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows Network Connections Service, which can allow an attacker to elevate their privileges. A local...

PT-2020-4381 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: An information disclosure issue...

PT-2020-4252 · Microsoft · Graphics Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Components affected versions not specified Description: A remote code execution issue exists in the way Microsoft Graphics Components handle objects in memory. This could allow an attacker to execute arbitrary code on a...

CVE-2020-1507

An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, a user would have to open a specially...

CVE-2020-1335

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVE-2020-1335

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVE-2020-1303

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...

CVE-2020-0664

An information disclosure vulnerability exists when Active Directory integrated DNS ADIDNS mishandles objects in memory. An authenticated attacker who successfully exploited this vulnerability would be able to read sensitive information about the target system. To exploit this condition, an...

Remote code execution

A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and...

Code injection

A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected...

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63316)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63326)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68742)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

Microsoft SharePoint Server 2013 < 15.0.5267.1000 Multiple Vulnerabilities

According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...