832 matches found
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...
CVE-2012-1849
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...
Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java GlueGen library...
Oracle Java OpenGL Arbitrary Native Library Loading Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenGL JOGL...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞
Bugtraq ID: 53046 CVE ID:CVE-2012-0883 Apache HTTP Server是一款流行的HTTP服务程序 由于不安全处理LDLIBRARYPATH,可导致在当前工作目录中搜索DSO,攻击者可以利用此漏洞以HTTPD服务上下文执行任意代码 0 Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x 厂商解决方案 Apache ----- Apache Software Foundation Apache 2.4.2已经修复此漏洞,建议用户下载使用: http://www.apache.org/...
Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.2. It is, therefore, potentially affected by an insecure library loading issue. The utility 'apachectl' can receive a zero-length directory name in the LDLIBRARYPATH via the 'envvars' file. A local...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka...
Microsoft Visual Studio Add-In Insecure Library Loading (MS12-021; CVE-2012-0008)
An elevation of privilege vulnerability has been reported in Microsoft Visual Studio...
Microsoft Windows Indeo Codec Insecure Library Loading (MS12-014; CVE-2010-3138)
A remote code execution vulnerability has been reported in Microsoft Windows...
MS12-012: Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
The remote host contains a version of Windows Color Control Panel that is affected by an insecure library loading vulnerability. A remote attacker could exploit this by tricking a user into opening a .camp, .cdmp, .gmmp, .icc, or .icm file in a directory that also contains a malicious 'sti.dll'...
Mindjet MindManager 2012 10.0.493 Buffer Overflow / Denial Of Service
Mindjet MindManager 2012 v10.0.493 Multiple Remote Vulnerabilities Vendor: Mindjet Product web page: http://www.mindjet.com Affected version: 10.0.493 Windows Summary: An intuitive visual framework that fosters clarity, innovative thinking & communication to improve business results. Desc:...
Microsoft Internet Explorer multiple security vulnerabilities
Information leakage, insecure library loading...
RSA SecurID Software Token < 4.1.1 Insecure Library Loading
The remote Windows host contains a version of RSA SecurID Software Token 3.0, 4.0, or 4.1 earlier than 4.1.1. As such, it is reportedly affected by an insecure library loading vulnerability. If an attacker can trick a user on the affected system into opening a specially crafted Software Token fil...
ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-039: RSA®, The Security Division of EMC, announces security fixes and improvements for RSASecurID® Software Token 4.1 for Microsoft®Windows® Advisories Updated December 12, 2011 Summary: RSA, The Security Division of EMC, announces security...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."...
Microsoft PowerPoint Insecure Library Loading (MS11-094; CVE-2011-3396)
A remote code execution vulnerability has been reported in Microsoft PowerPoint. The vulnerability is due to an error in the way Microsoft PowerPoint restricts the path used for loading external libraries. A remote attacker could exploit this vulnerability by enticing a user to open a legitimate...
Internet Explorer Insecure Library Loading Code Execution (MS11-089; CVE-2011-2019)
A remote code execution vulnerability has been reported in Internet Explorer IE. The vulnerability is due to an error in the way IE restricts the path used for loading external libraries. A remote attacker could exploit this vulnerability by enticing a user to open a legitimate HTML file that is...