7683 matches found
Microsoft Windows Graphics Component Local Information Disclosure Vulnerability (CNVD-2017-30910)
Microsoft Windows is the popular computer operating system. An information disclosure vulnerability exists in the implementation of Windows Graphics when it does not properly handle memory objects, which can be successfully exploited to allow an attacker to obtain sensitive information...
Microsoft Office Outlook Security Bypass Vulnerability
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A security bypass vulnerability exists in the implementation of Microsoft Outlook when it does not properly handle in-memory objects, where an attacker could execute arbitrary commands via...
Microsoft Office Web Apps Server 2013 Service Pack 1 RCE Vulnerability (KB4011231)
This host is missing an important security update according to Microsoft KB4011231 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Outlook improperly handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary commands. In a file-sharing attack scenario, an attacker could provide a specially crafted document file...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11793)
A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Security Update for Microsoft Office (October 2017) (macOS)
The Microsoft Office 2016 application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a remote code execution vulnerability that exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who...
CVE-2017-7819
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
Microsoft Excel - OLE Arbitrary Code Execution
Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/64 bits x86 and x64 Tested on: Windows...
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/...
CVE-2017-7819
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
Apple Safari JSString Out-Of-Bounds Access Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
DEBIAN-CVE-2017-6267
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service...
Kaltura PHP Object Injection Vulnerability (CNVD-2017-33583)
Kaltura is an open source online video platform from Kaltura Inc. wikidecode Developer System Helper is one of the helpers. A security vulnerability exists in the wikidecode Developer System Helper function in the admin panel of Kaltura versions prior to 13.2.0. The vulnerability can be exploited...
CVE-2017-14482
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe...
CVE-2017-14482
Removed by vendor...
Exploit for Code Injection in Microsoft
CVE-2017-8759 This repo contains sample exploits for CVE-2017...
CVE-2017-8719
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...
CVE-2017-8687
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objec...