[SECURITY] Fedora 25 Update: mujs-0-5.20160921git5c337af.fc25
MuJS is a lightweight JavaScript interpreter designed for embedding in other software to extend them with scripting capabilities...
Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems. Discovered by security researchers at Cisco Talos group, the zero-day...
CVE-2016-3375
The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to...
Double-click me not: Malicious proxy settings in OLE Embedded Script
Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works ...
activemq: Clickjacking in Web Console
It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console...
The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Windows OLE allows for the execution of code remotely, provided that the user opens a file containing a specially crafted OLE object. Exploiting this vulnerability enables the attacker to gain privileges similar to those of an authorized user. If the accessing user has...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
Microsoft Office OLE DLL End Load Vulnerability
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A security vulnerability exists in Microsoft Office that originates from the program failing to properly...
How RTF malware evades static signature-based detection
History: Rich Text Format (RTF) is a document format developed by Microsoft that has been widely used on various platforms for more than 29 years. The RTF format is very flexible and therefore complicated. This makes the development of a safe RTF parser challenging. Some notorious vulnerabilities...
Run Binaries From Memory: Pazuzu
Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios. For example, if you want to exploit a vulnerability and run your ow...
Microsoft Windows OLE Remote Code Execution Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality. A remote code execution vulnerability exists in OLE for Microsoft Windows that originates fro...
CVE-2016-0153
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."...
[SECURITY] Fedora 24 Update: drupal6-emfield-2.7-1.fc24
This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine...
Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of the OLE component in the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...
Vulnerability of the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of the OLE component in the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...
[SECURITY] Fedora 22 Update: drupal6-emfield-2.7-1.fc22
This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine...
Microsoft Windows OLE Memory Remote Code Execution Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality. A remote code execution vulnerability exists in Microsoft Windows OLE that can be exploited b...
CVE-2016-0091
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution...
Trello: DOM based XSS via Wistia embedding
Hi, You are using Wistia to embed video at trello.com. However, the external script from fast.wistia.com is vulnerable to XSS and allows running malicious JavaScript on your side. Vulnerable code: fast.wistia.net/assets/external/E-v1.js I found that the parameter wchannel can be controlled to load js from...