CVE-2018-8307
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...
CVE-2018-8307
CVE-2018-8307 is a WordPad security feature bypass affecting multiple Windows versions (e.g., Windows 7, 8.1, 10, and corresponding Server editions) where embedded OLE objects are improperly handled. The vulnerability is described as a bypass of security features when WordPad processes OLE object...
Microsoft Windows WordPad Security Bypass Vulnerability
Microsoft Windows 7 and others are a series of operating systems released by Microsoft Corporation in the U.S. WordPad is one of the filters that is installed by default on all Windows systems. A security bypass vulnerability exists in Microsoft Windows WordPad, which arises from the program's...
.NET Framework Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...
WordPad Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file...
Description of the security update for the security feature bypass vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: July 10, 2018
Description of the security update for the security feature bypass vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: July 10, 2018 Summary A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE...
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 (KB 4338605)
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 KB 4338605 Summary This security update resolves the following vulnerabilities: A "remote code execution" vulnerability exists when .NET Framework does not valida...
EMC ECS S3 Authentication Bypass Vulnerability
Dell EMC Elastic Cloud Storage ECS is an object storage application designed for traditional and next-generation workloads. An authentication bypass vulnerability exists in Dell EMC ECS versions 3.2.0.0 and 3.2.0.1, which can be exploited by a remote, unauthenticated attacker to read and modify S...
CVE-2018-3753
The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
Code injection
The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3753
The CVE-2018-3753 issue affects the merge-objects module (versions
CVE-2018-11052
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests...
Delving deep into VBScript
In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially "corrupts" two memory objects and...
SAP Business Objects Remote Code Injection Vulnerability
SAP Business Objects is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The program provides reporting, performance management, database and other functions. A remote code injection vulnerability exists in SAP Business Objects, version 4.0 4.1...
CVE-2018-1000525
openpsa contains a PHP Object Injection vulnerability in form data passed as GET request variables that can result in possible information disclosure and remote code execution. This attack appears to be exploitable via a specially crafted GET request variable containing a serialised PHP object. This...
After Upgrade to WEM 4.6 agents not getting configurations with error: Agent (Agent name) is not bound to any configuration set
Upgrade WEM environment from 4.5 to 4.6. After upgrading, WEM agents are randomly reported with the following different status under Administration > Agents > Registrations: "Agent is bound to multiple configuration sets." Then the same agents are reported with the following status: "Agent is not be...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge application...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...