Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

CVE-2026-21509-PoC Educational PoC for CVE‑2026‑21509...

EUVD-2006-0767

Malware in sbrugna...

EUVD-2011-3224

Malware in sbrugna...

EUVD-2006-2198

Malware in sbrugna...

Exploit for CVE-2022-30190

FOLLINA-CVE-2022-30190 Implementation of FOLLINA-CVE-2022-3019...

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers...

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Details have emerged about a previously undocumented and fully undetectable FUD PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...

Fake Reservation Links Prey on Weary Travelers

A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied to COVID-related travel restrictions, the threat group has ramped up campaigns to exploit an uptick in travel and related airline and hotel...

Heap overflow

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service heap-based buffer overflow with write access or possibly have unspecifie...

Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns

A Microsoft Word document .doc believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit TAU. The submitting organization did not feel that that document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...

Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20151214)

It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. CVE-2015-4551 An integer underflow flaw leading to a...

Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-0200 OpenOffice.org Word document Integer Underflow CVE-2009-0201 OpenOffice.org Word document buffer overflow An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in...

CVE-2011-3260

Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Microsoft Word document...

CVE-2011-3260

CVE-2011-3260 describes a memory corruption/buffer overflow vulnerability in Apple’s OfficeImport framework used by iOS, triggered when parsing Microsoft Word documents. The issue allowed remote code execution or a denial of service (application crash) on iOS versions before 5. The iDefense/iOS b...

OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10

This host has OpenOffice running which is prone to multiple remote code execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbopenofficemultcodeexecvulnwinfeb10.nasl 5323 2017-02-17 08:49:23Z teissa $ OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10 Authors: Veerendra G...

OpenOffice Multiple Remote Code Execution Vulnerabilities (Feb 2010)

OpenOffice is prone to multiple remote code execution vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[Backports-security-announce] Security update for openoffice.org

Rene Engelhard uploaded new packages for openoffice.org which fixed the following security updates: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document,...

CVE-2006-2197

CVE-2006-2197 concerns the wv2 library (used for accessing Microsoft Word documents). A boundary/size check issue leads to an integer overflow when processing Word files, enabling context-dependent attackers to execute arbitrary code. Multiple advisories (Ubuntu USN-300-1, Debian DSA-1100, Gentoo...

CVE-2006-2197

Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document...

Buffer overflow

Buffer overflow in BlackBerry Attachment Service in Research in Motion RIM BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow...