CVE-2017-11935
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability"...
Remote code execution
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability"...
CVE-2017-11935
CVE-2017-11935 is a Microsoft Office remote code execution vulnerability affecting Microsoft Excel in Office 2016 Click-to-Run. The issue stems from how Excel/Office handles objects in memory, allowing an attacker to craft an Excel document that triggers the flaw and executes arbitrary code in th...
CVE-2017-11939
CVE-2017-11939 affects Microsoft Office 2016 (Click-to-Run). The vulnerability is an information-disclosure flaw stemming from DRM copy/paste enforcement, potentially leaking a user’s private data (e.g., private key) from the certificate store or plaintext from DRM-protected emails/drafts. Affect...
Microsoft Office Outlook CVE-2017-11939 Information Disclosure Vulnerability
Description Microsoft Office Outlook is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Outlook 2016 Click-to-Run (C2R) for 32-bit edition Microsoft Outlook 2016...
Microsoft Excel CVE-2017-11935 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
BootStomp - A Bootloader Vulnerability Finder
BootStomp is a boot-loader bug finder. It looks for two different classes of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...
The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers
Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...
The vulnerability of the Click-to-Run software package from Microsoft Office allows a malicious actor to execute actions on the system with privileges of the current user.
The vulnerability of the Click-to-Run software package from Microsoft Office relates to improper handling of objects in memory, which leads to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute actions on the system with privileges of the current user, using a...
The vulnerability of the Python script execution subsystem of the NX-OS network operating system allows an attacker to execute arbitrary commands on the underlying operating system.
The vulnerability of the Python script execution subsystem in the NX-OS network operating system is related to insufficient cleaning of user parameters used by certain Python functions in an isolated scripting environment. Exploiting this vulnerability allows a malicious actor to exit the isolate...
DR.CHECKER - A Soundy Vulnerability Detection Tool for Linux Kernel Drivers
DR.CHECKER: A Soundy Vulnerability Detection Tool for Linux Kernel Drivers Tested on Ubuntu = 14.04.5 LTS 1. Setup The implementation is based on LLVM, specifically LLVM 3.8. We also need tools like c2xml to parse headers. First, make sure that you have libxml required for c2xml: sudo apt-get...
CVE-2017-8211
The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...
Microsoft Excel 2016 Click-to-Run Remote Code Execution Vulnerability
Microsoft Excel 2016 is a spreadsheet processing program in the Office suite from Microsoft Corporation (USA). Click-to-Run is one of the available update tools. A remote code execution vulnerability exists in Microsoft Excel 2016 Click-to-Run that stems from the program failing to properly handle...
CVE-2017-11884
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...
Memory corruption
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882...
CVE-2017-11884
Technical details about CVE-2017-11884 are not publicly provided in the connected documents; no specific affected products, versions, exploit vectors, or remediation are disclosed here. Monitor for updates.