Zero-day vulnerability discovered in Microsoft Word

A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...

PT-2022-12906 · Antaris · Razorengine

Name of the Vulnerable Software and Affected Versions: Antaris RazorEngine versions through 4.5.1-alpha001 Description: An attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. This issue affects products that are no longer supporte...

CVE-2007-3816

JWIG might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries...

Design/Logic Flaw

JWIG might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries...

CVE-2007-3816

JWIG might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries...

PT-2007-5051 · Jwig · Jwig

Name of the Vulnerable Software and Affected Versions: JWIG affected versions not specified Description: The issue might allow context-dependent attackers to cause a denial of service service degradation via loops of references to external templates. However, it has been disputed by multiple thir...