Apple Mac OSX Install.Framework - SUID Root Runner Binary Privilege Escalation

Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an...

Microsoft Windows Font Driver Elevation of Privilege Vulnerability (CNVD-2015-05949)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows version 10 when the Adobe Type Manager library does not properly handle objects in memory. An attacker could exploit this vulnerabilit...

The vulnerability of the iOS operating system allows a perpetrator to gain access to arbitrary objects in the file system.

The vulnerability of the Air Traffic component in the iOS operating system exists due to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to arbitrary objects in the file system...

MS15-101: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3089662)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Microsoft .NET Framework : - An elevation of privilege vulnerability exists due to improper validation of the number of objects in memory before they are copied into an array. A...

Adobe Flash - Type Confusion in TextRenderer.setAdvancedAntialiasingTable

Source: https://code.google.com/p/google-security-research/issues/detail?id=409&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a type confusion issue in TextRenderer.setAdvancedAntialiasingTable. If the font, insideCutoff or outsideCutoff are set to objects that a...

Mozilla Firefox JSON Parsing Same Origin Policy Bypass Vulnerability

Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a security vulnerability when parsing JSON, which allows remote attackers to construct malicious WEB pages and trick users into parsing them, redefine non-configurable attributes on JavaScript objects, and bypass the...

KLA10652 Code execution vulnerability in Internet Explorer

An improper memory objects handling was found in Internet Explorer. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website. Original advisories CVE-2015-2502 Related products...

DEBIAN-CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-05235)

Microsoft Internet Explorer is a popular WEB browser. A remote code execution vulnerability exists when Internet Explorer fails to properly access objects in memory. The vulnerability allows an attacker to execute arbitrary code memory corruption in the context of the current user...

Microsoft Office Memory Corruption Vulnerability (CNVD-2015-05285)

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office software when the Office software fails t...

Microsoft Internet Explorer Memory Corruption (MS15-079: CVE-2015-2446)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in memory allocation while handling certain JavaScript objects. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an...

Adobe Acrobat And Reader Use-After-Free (APSB15-15: CVE-2015-5099)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

Microsoft Word remote code execution CVE-2 0 1 5-0 0 9 7 simple the use of the introduction-vulnerability warning-the black bar safety net

0x00 introduction Microsoft Office Word 2 0 0 3, 2 0 0 7 Remote Code Execution Vulnerability 0x01 known successful environment Word 2 0 0 3, 2 0 0 7 SP3 on Windows XP, 7, 8, 8.1 all up to this date. 0x02poc file description Create-Recordset. hta: used to generate the recordset. txt and dldrun. vb...

(0Day) Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

vmware multiple products privilege escalation vulnerability-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-7/201571916117864.jpg Description This article briefly describes our findings and our most recent in the three main VMware Windows products find a vulnerability. The affected products include the‘VMware Workstation’, ‘Horizon Client’ with Local Mode Option, and Player’on...

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3076321)

This host is missing a critical security update according to Microsoft Bulletin MS15-065. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Office Memory Corruption (MS15-070: CVE-2015-2415)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

Microsoft Office Memory Corruption (MS15-070: CVE-2015-2379)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

Adobe Flash Sound Universal Cross Site Scripting Vulnerability

This vulnerability allows remote attackers to read arbitrary data on vulnerable Adobe Flash installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Sound objects. A remote attacker can run arbitrary script in the context of any...