Microsoft Security Bulletin with Remote Desktop Flaws
Microsoft has released 6 updates in this month's patch Tuesday, including a patch for a critical hole which the software maker warns could be hit within the next 30 days. Microsoft is warning that there's a remote, pre-authentication,...
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
This host is missing an important security update according to Microsoft Bulletin MS12-022. OpenVAS Vulnerability Test $Id: secpodms12-022.nasl 6520 2017-07-04 14:28:49Z cfischer $ Microsoft Expression Design Remote Code Execution Vulnerability 2651018 Authors: Madhuri D Copyright: Copyright c 20...
Microsoft Expression Design unsafe DLL loading
Unsafe DLL loading on .xpr and .design files processing...
Microsoft Expression Design Version Detection
Detects the installed version of Microsoft Expression Design. The script logs in via SMB, searches for Microsoft Expression Design in the registry and gets the version from SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are...
Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
This host is missing an important security update according to Microsoft Bulletin MS12-022. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2012-0016
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka...
CVE-2012-0016
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka...
CVE-2012-0016
Microsoft Expression Design (including SP1 and versions 2–4) is affected by a DLL search path vulnerability in wintab32.dll loading. An attacker can place a malicious wintab32.dll in a directory that Expression Design loads from (e.g., .xpr/.DESIGN file locations or network shares), allowing code...
Microsoft Fixes Critical RDP Vulnerability with March Patch Tuesday
Microsoft rolled out six patches addressing seven vulnerabilities on Tuesday, including a critical hole in Windows’ Remote Desktop Protocol (RDP) – the same component exploited by the Morto worm in August. The March edition of their monthly Patch Tuesday release included a critical bulletin MS12-02...
MS12-022: Vulnerability in Expression Design could allow remote code execution: March 13, 2012
Resolves a vulnerability in Expression Design that could allow remote code execution. This update was released on March 13, 2012. INTRODUCTION: Microsoft has released security bulletin MS12-022. To view the complete security bulletin, visit one of the following Microsoft websites: Home...
MS12-022: Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
The version of Microsoft Expression Design installed on the remote host is reportedly affected by an insecure library loading vulnerability. A remote attacker could exploit this flaw by tricking a user into opening a legitimate .xpr or .DESIGN file located in the same directory as a maliciously...
Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Expression is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link...
Apache Struts Security Update (S2-007) - Active Check
Apache Struts is prone to a Java method execution vulnerability. Copyright (C) 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Microsoft Expression Design Insecure Library Loading (MS12-022; CVE-2012-0016)
A remote code execution vulnerability has been reported in Microsoft Expression Design...
CVE-2012-0838
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...
CVE-2012-0838
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...
Design/Logic Flaw
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...
CVE-2012-0838
CVE-2012-0838 affects Apache Struts 2 before 2.2.3.1, where an OGNL expression is evaluated during a conversion error, enabling a remote attacker to modify run-time data values and potentially execute arbitrary code. IBM security bulletins for Order Management (and related advisories) confirm the...
CVE-2012-0838
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...