Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

Detections for the CVE-2026-21509 vulnerability in MS Office...

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant Process Optimization Designer User to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements...

AVEVA Process Optimization security vulnerabilities

AVEVA Process Optimization is a real-time process optimization software developed by the British company AVEVA. AVEVA Process Optimization has a security vulnerability, which arises from the possibility for authenticated attackers to embed OLE objects into graphics, potentially leading to privile...

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVE-2025-64402

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVE-2025-64402 Apache OpenOffice: Remote documents loaded without prompt via OLE objects

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to...

CVE-2025-64402

CVE-2025-64402 affects Apache OpenOffice up to 4.1.15. A missing Authorization vulnerability allows documents using OLE objects linked to external files to load those files without prompting the user. Impact: loading external content without user consent. A fix is available in OpenOffice 4.1.16; ...

PT-2025-46582

Name of the Vulnerable Software and Affected Versions Apache OpenOffice versions through 4.1.15 Description Apache OpenOffice documents can contain links. A missing authorization check in Apache OpenOffice allowed an attacker to create a document that would load external links without user...

EUVD-2014-3555

Malware in sbrugna...

EUVD-2018-19960

Malware in sbrugna...

Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT

Unmasking the Hidden Threat: Inside a Sophisticated Excel-Based Attack Delivering Fileless Remcos RAT By Trellix · September 11, 2024 This blog was also written by Trishaan Kalra Introduction In the rapidly evolving landscape of cybersecurity, attackers are continuously refining their methods to...

SUSE CVE-2014-3575

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org OOo might allow remote attackers to embed arbitrary data into documents via crafted OLE objects...

Exploit for CVE-2022-30190

CVE-2022-30190 Microsoft Office Word Rce 复现CVE-2022-30190...

Snake Keylogger Spreads Through Malicious PDFs

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...

November 11, 2014 update for PowerPoint 2007 (KB2597972)

November 11, 2014 update for PowerPoint 2007 KB2597972 This article describes update KB2597972 for Microsoft PowerPoint 2007 that was released on November 11, 2014. This update improves the user experience in Office 2010 for when you use OLE objects in an Office 2010 application. How to download...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

Security feature bypass

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

Microsoft Windows Multiple Vulnerabilities (KB4338815)

This host is missing a critical security update according to Microsoft KB4338815 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...