The vulnerability in Internet Explorer, caused by an operation that goes beyond the buffer boundaries in memory, allows a malicious actor to gain the privileges of the current user.

The vulnerability of the Internet Explorer browser is related to improper handling of objects in memory. Exploiting this vulnerability can allow a remote attacker to gain privileges as the current user...

Korea In The Crosshairs

This blog post is authored by Warren Mercer and Paul Rascagneres and with contributions from Jungsoo An. A one year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary This article exposes the malicious activities of Group 123...

Fedora 27 : varnish (2017-72b50be8d4)

Security fix for CVE-2017-8807: This fixes a possible data leak in stevedore transient objects in varnishd. Upstream reports: 'It is not inconceiveable that an attack can provoke this situation on vulnerable varnishd instances, where the leaked memory contains confidential data and therefore we...

SUSE-SU-2018:0074-1 Security update for glibc

This update for glibc fixes the following issues: - A privilege escalation bug in the realpath function has been fixed. CVE-2018-1000001, bsc1074293 - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. CVE-2017-1000408, CVE-2017-1000409, bsc1071319 - An issue in the cod...

CVE-2018-0795

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability"...

Remote code execution

Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-07...

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound. In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function base/PdfObjectStreamParserObject.cpp. Remote attackers could leverage this vulnerability to...

UBUNTU-CVE-2018-5309

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function base/PdfObjectStreamParserObject.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file...

PT-2018-16886 · Podofo +2 · Podofo +2

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5 Description: The issue is related to an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function. Remote attackers could leverage this to cause a denial-of-service via a crafted pdf file...

Microsoft Office Equation ASLR Bypass

A remote code execution vulnerability exists in Microsoft Office with embedded Equation objects. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted Office file. Successful exploitation would allow an attacker to bypass the ASLR mechanism and execute...

CVE-2018-0745

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and...

Information disclosure

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure...

Dozer command execution vulnerability

Dozer is a mapper for Java beans that copies data from one object to another. A security vulnerability exists in Dozer that stems from the program's use of reflection-based methods for type conversion. The vulnerability can be exploited by a remote attacker to execute arbitrary code using special...

Microsoft Color Management Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Color Management Module ICM32.dll handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR Address Space Layout Randomization on a targeted system. By itself, the information...

Microsoft Edge PDF Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

Description of the security update for the ATMFD.dll information disclosure vulnerability in Windows Server 2008: January 3, 2018

Description of the security update for the ATMFD.dll information disclosure vulnerability in Windows Server 2008: January 3, 2018 Summary An information disclosure vulnerability exists in Adobe Type Manager Font Driver ATMFD.dll when it fails to properly handle objects in memory. An attacker who...

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

Arbitrary Code Execution

dozer is vulnerable to arbitrary code execution attacks. It incorrectly uses a reflection-based approach to type conversion which allows attackers to execute code through serialized objects...