Microsoft Office Multiple Remote Code Execution (CVE-2017-0261)

A remote code execution vulnerability exists in Encapsulated PostScript EPS of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...

EPS Processing Zero-Days Exploited by Multiple Threat Actors

In 2015, FireEye published details about two attacks exploiting vulnerabilities in Encapsulated PostScript EPS of Microsoft Office. One was a zero-day and one was patched weeks before the attack launched. Recently, FireEye identified three new zero-day vulnerabilities in Microsoft Office products...

Coming together to address Encapsulated PostScript (EPS) attacks

Today’s security updates include three updates that exemplify how the security ecosystem can come together to help protect consumers and enterprises. We would like to thank FireEye and ESET for working with us. Customers that have the latest security updates installed are protected against the...

PT-2017-2153 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2010 through 2016 Description: The issue exists due to insufficient input validation in Microsoft Office, allowing a remote attacker to execute arbitrary code. Exploitation can occur when a user opens a specially...

PT-2017-2152 · Microsoft · Office

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to the improper handling of data in Microsoft Office, which can be exploited by a remote attacker to execute arbitrary code. The exploitation can occur when a...

[SECURITY] Fedora 26 Update: ghostscript-9.20-10.fc26

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

Debian DLA-932-1 : ghostscript security update

A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed. For Debian 7 'Wheezy', these problems have been fixed in version 9.05dfsg-6.3+deb7u6. We...

[SECURITY] [DLA 932-1] ghostscript security update

Package : ghostscript Version : 9.05dfsg-6.3+deb7u6 CVE ID : CVE-2017-8291 Debian Bug : 861295 A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is...

[SECURITY] Fedora 25 Update: ghostscript-9.20-9.fc25

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

[ASA-201705-3] ghostscript: arbitrary command execution

Arch Linux Security Advisory ASA-201705-3 ========================================= Severity: High Date : 2017-05-07 CVE-ID : CVE-2017-8291 Package : ghostscript Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-256 Summary ======= The package ghostscript...

Debian DSA-3838-1 : ghostscript - security update

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may lead to the execution of arbitrary code or denial of service if a specially crafted Postscript file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

[SECURITY] [DSA 3838-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3838-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq -...

Artifex Ghostscript Remote Command Execution Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. Artifex Ghostscrip...

Debian: Security Advisory (DSA-3838-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Artifex Ghostscript mark_curve Denial of Service Vulnerability

Ghostscript is a set of software based on Adobe Systems PostScript and Portable Document Format PDF page description language interpreter. The markcurve function in Artifex Ghostscript suffers from an integer overflow problem that allows a remote attacker to cause a denial of service out-of-bound...

UBUNTU-CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

CVE-2017-7948

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...

Integer overflow

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...

DEBIAN-CVE-2017-7948

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...

CVE-2017-7948

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...