123 matches found
Microsoft Office Word free macro command execution flaw vulnerability 0day-vulnerability warning-the black bar safety net
If we inform you that in MS-Word on the presence of a Royal Decree to fulfill the vulnerability flaws of the bug, which unnecessary any macro maybe memory overflow? Windows for use between the stop data transfer supply a variety of transmission methods, this one is called static swap agreements, ...
UPDATE: Luckystrike 2.0!
PenTestIT RSS Feed My first post regarding this malicious Microsoft Office document generator was about an older version. However a few hours ago, an update was released - Luckystrike 2.0! Major highlights for this awesome release include full support for Microsoft Word in addition to a new COM...
Privilege escalation
dde-daemon, the daemon process of DDE Deepin Desktop Environment 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege...
CVE-2017-7622
The CVE-2017-7622 issue affects DDE’s dde-daemon (Deepin Desktop Environment) versions 15.0–15.3, where the daemon runs with root privileges and does not properly identify the caller over D-Bus. An attacker can exploit DoWriteGrubSettings() to alter GRUB configuration, enabling a backdoor or priv...
CVE-2017-7622
dde-daemon, the daemon process of DDE Deepin Desktop Environment 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege...
FullContact BB #2 - CSV Excel Macro Injection Vulnerability
Document Title: =============== FullContact BB 2 - CSV Excel Macro Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1904 Release Date: ============= 2017-01-19 Vulnerability Laboratory ID VL-ID: ====================================...
Cogent DataHub < 6.4.7 Incoming DDE Connection Handling Remote DoS
Binary data scadacogentdatahub647.nbin...
BugCrowd CSV Injection
Description: A vulnerability in the file upload feature allows attackers to send malicious csv files. By using the Microsoft Excel DDE function an attacker can launch arbritary commands on the victims system. Many companies don't allow xslx or docx files to be uploaded by security testers, becaus...
MS Word 95/97/98/2000/2002 Excel 2002 INCLUDETEXT Document Sharing File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/5586/info The Microsoft Word and Excel INCLUDETEXT Field Code may be used to insert an arbitrary local file into a document. The INCLUDETEXT Field Code is reported to, under some circumstances, present a security threat. ...
Wine ( Core exe ) GIF Object Memory Corruption
Exploit for windows platform in category local exploits ================================================ Wine Core exe GIF Object Memory Corruption ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0...
Invensys Wonderware InTouch默认统一NetDDE共享特权提升漏洞
Vulnerability Note VU138633 Invensys Wonderware InTouch creates insecure NetDDE share Invensys Wonderware InTouch是一款生产过程中自动化监控系统中的应用。 Invensys Wonderware InTouch对NetDDE共享的默认权限设置存在问题,本地攻击者可以利用漏洞提升特权。 动态数据交换DDE设计允许Microsoft windows应用程序共享数据。NetDDE是Wonderware开发的DDE扩展。InTouch...
Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
Hi All !! While I was testing desktop based firewalls here it is Zone Alarm Pro with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by...
Microsoft Word 95/97/98/2000/2002 / Excel 2002 - INCLUDETEXT Document Sharing File Disclosure
source: https://www.securityfocus.com/bid/5586/info The Microsoft Word and Excel INCLUDETEXT Field Code may be used to insert an arbitrary local file into a document. The INCLUDETEXT Field Code is reported to, under some circumstances, present a security threat. If the INCLUDETEXT Field Code is...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange DDE is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
CVE-2001-0944
CVE-2001-0944 describes a DDE-based risk in mIRC where a local user can trigger a DDE message that executes a command, potentially running in another user’s process. This enables local privilege escalation with the command execution potentially affecting confidentiality, integrity, and availabili...
CVE-2001-0944
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process...
Проблемы с DDE в mIRC (privelege escalation)
Можно послать DDE сообщение из другого приложения чтобы выполнить команду с привилегиями пользователя mIRC...
mIRC bug?
Hello, BugTraq readers! I have recently started using mIRC's DDE feature, which allows DDE messaging between its instances and other software. At first I was quite pleased with this feature until I thought about the security implications of it under a multi-user system such as Windows 2000...
CVE-2001-0944
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process...
CVE-2001-0015
CVE-2001-0015 affects Windows 2000 via the Network Dynamic Data Exchange (DDE) component. The vulnerability allows a local attacker to elevate privileges to Local System by sending a WM_COPYDATA message to an invisible DDE window that runs with WINLOGON privileges, enabling arbitrary command exec...