Microsoft Word RTF文件解析错误代码执行漏洞

CVE ID:CVE-2014-1761 Microsoft Word 是微软公司的一个文字处理软件。 因Microsoft Word在解析畸形的RTF格式数据时存在错误导致内存破坏，使得攻击者能够执行任意代码。当用户使用Microsoft Word受影响的版本打开恶意RTF文件，或者Microsoft Word是Microsoft Outlook的Email Viewer时，用户预览或打开恶意的RTF邮件信息，攻击者都可能成功利用此漏洞，从而获得当前用户的权限。值得注意的是，Microsoft Outlook 2007/2010/2013默认的Email Viewer都是Microso...

Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0298)

BUGTRAQ ID: 66025 CVECAN ID: CVE-2014-0298 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 没有正确访问内存对象，在实现上存在远程代码执行漏洞，成功利用后可破坏内存，在当前用户权限下执行任意代码。 0 Microsoft Internet Explorer 6-11 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 设置互联网和内联网安全区域设置为“高” 配置IE在运行活动脚本之前提示或直接禁用。 应用Microsoft Fix...

Internet Explorer CMarkup use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the...

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2887505 regarding a remote code execution vulnerability CVE-2013-3893 impacting Internet Explorer versions 6 through 11. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. The...

MS KB2794220: Vulnerability in Internet Explorer Could Allow Remote Code Execution (deprecated)

The remote host is missing the workaround referenced in KB 2794220 Microsoft 'Fix it' 50971. This workaround mitigates a use-after-free vulnerability in Internet Explorer. Without this workaround enabled, an attacker could exploit this vulnerability by tricking a user into viewing a maliciously...

Microsoft Internet Explorer CButton use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the CButton object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the mshtml...

Microsoft Internet Explorer 6/7/8/9 contain a use-after-free vulnerability

Overview Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability CWE-416 that may result in remote code execution. Description Microsoft Internet Explorer 6/7/8/9 contains a use-after-free vulnerability in the CMshtmlEd::Exec function. An attacker may...

MSXML未初始化内存破坏漏洞 (MS12-043)

CVE ID: CVE-2012-1889 Microsoft XML核心服务（MSXML）允许使用JScript、VBScript和Microsoft Visual Studio 6.0的用户构建可与其他符合XML 1.0标准的应用程序相互操作的XML应用。 Microsoft XML Core Services 3.0、4.0、5.0、6.0在访问未初始化内存位置时存在安全漏洞，可允许远程攻击者通过特制的网站执行任意代码或造成拒绝服务。 0 Microsoft Windows 临时解决方法： 如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： 应用XML...

Microsoft Windows Picture and Fax Viewer Library Vulnerability !

Microsoft Windows Picture and Fax Viewer Library Vulnerability ! I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploitation of a buffer overflow vulnerability in multiple...

Microsoft Security Advisory 2488013

Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this...

the windows shortcut file execution vulnerability and Defense strategies-vulnerability warning-the black bar safety net

Recently this loophole relatively fiery, simple to say is to construct a malicious shortcut can execute the file code. The vulnerability relates to XP, Vista, Win7, etc. almost all Windows platforms, U disk, mobile phone, digital camera, iPod, etc. all USB devices will become the Trojan of the...