6 matches found
Microsoft Windows Unsafe Handling Practices
Hi @ll, This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed with MS14-019 alias MSKB 2922229 and assigned CVE-2014-0315: command lines with a batch script as first...
Intel® Solid State Drive Toolbox™ Escalation of Privilege Vulnerability
Summary: There is an escalation of privilege vulnerability in the Intel® Solid State Drive Toolbox™ versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. Description: There is an escalation of privilege vulnerability in the Intel® Solid State Drive...
About the security content of iTunes 12.4 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
Hi @ll, the current 3CXPhone6.msi for Windows, available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: libeay32.dll and ssleay32.dll version 0.9.8h from 2008-05-28 of OpenSSL. The current version of...
Microsoft Security Essentials Code Execution
Hi @ll, versions of Microsoft Security Essentials before the current v4.2 see have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account almost like alias . The "UninstallString" written to...
GLSA-200506-23 : Clam AntiVirus: Denial of Service vulnerability
The remote host is affected by the vulnerability described in GLSA-200506-23 Clam AntiVirus: Denial of Service vulnerability Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. Impact ...