KLA11012 Remote code execution vulnerability in the Microsoft Malware Protection Engine
An improper way of scanning files was found in the Microsoft Malware Protection. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file. Technical details To exploit this vulnerability, a malformed fi...
KLA11002 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Scriptin...
KLA11011 Security Bypass vulnerability in Microsoft .NET Framework
An incomplete validation of certificates was found in Microsoft .NET Framework. By exploiting this vulnerability malicious users can bypass security restrictions. This vulnerability can be exploited remotely via a specially designed certificate, which is marked invalid for a specific use, but sti...
KLA11077 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of...
KLA11029 Multiple vulnerabilities in the Microsoft Malware Protection Engine
Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to an improper...
KLA11836 ACE vulnerability in Microsoft System Center
A remote code execution vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-0290 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such...
KLA11031 Multiple vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader and Foxit Phantom PDF. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to an improper parsi...
KLA11001 Use-after-free vulnerability in Mozilla Firefox and Mozilla Firefox ESR
A use-after-free vulnerability was found in Mozilla Firefox and Mozilla Firefox ESR. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via Buffer11 API calls within the ANGLE graphics library, used for WebGL content...
KLA11015 Race condition vulnerability in Google Chrome
A race condition vulnerability was found in the WebRTC component of Google Chrome earlier than 58.0.3029.96. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely. Technical details Vulnerability was found in framebuffer2.cc NB:...
KLA11017 A buffer overflow vulnerability in LibreOffice
An out-of-bounds write vulnerability was found in LibreOffice. By exploiting this vulnerability malicious users can possibly cause a denial of service or obtain sensitive information. This vulnerability can be exploited remotely. Technical details This vulnerability is related to the ReadJPEG...
KLA11007 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, read and write local files. Below is a complete list of vulnerabilities: 1. A use-after-free vulnerabilit...
KLA11016 Denial of service vulnerability in IrfanView
An improper processing of .FPX FlashPix files was found in IrfanView 4.44 32-bit with FPX Plugin before 4.45. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed .FPX file. Original advisories...
KLA11006 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in subcomponent JCE Java Cryptography Extension c...
KLA11005 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities to cause a denial of service, read and write local files and possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified...
KLA11027 Multiple vulnerabilities in Oracle VM VirtualBox
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, read and write accessible data and possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple unspecifie...
KLA11028 A read/write local files vulnerability in Oracle VM Virtual Box
An unspecified vulnerability was found in Oracle VM VirtualBox. By exploiting this vulnerability low-privileged malicious users with logon to the infrastructure where Oracle VM VirtualBox is executed can write to some of Oracle VM VirtualBox accessible data and read a subset of Oracle VM...
KLA11000 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome earlier than 58.0.3029.81. Malicious users can exploit these vulnerabilities to execute arbitrary code and spoof user interface. Below is a complete list of vulnerabilities: 1. Type confusion in the PDFium component can be exploite...
KLA11004 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass...
KLA11128 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. An incorrect assumption about block structure in Blink can be exploited remote...
KLA11149 Multiple vulnerabilities in QuickTime for Windows
Multiple vulnerabilities were found in QuickTime. These vulnerabilities can be exploited remotely to execute arbitrary code. The vendor recommends no longer using QuickTime 7 for Windows and uninstalling this software. QuickTime 7 for Windows is no longer supported by the vendor. Original advisories...
KLA10997 Vulnerability in LibreOffice
A heap-based buffer overflow vulnerability was found in LibreOffice. By exploiting this vulnerability malicious users can obtain sensitive information or cause a denial of service. Original advisories LibreOffice Security Advisory Related products LibreOffice CVE list CVE-2017-7870 critical...
KLA11020 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in the IMAP Internet Message Access Protocol dissector can be exploited...
KLA11915 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An implementation vulnerability in Securit...
KLA11024 Defense-in-Depth Update for Microsoft Office
An unspecified vulnerability was found in the EPS Encapsulated PostScript filter in Microsoft Office. By exploiting this vulnerability malicious users can possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website or file. NB: This vulnerability...
KLA11059 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote cod...
KLA10993 Arbitrary code execution vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities in the sound class, in the internal script object and in the...
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A memory corrupti...
KLA11058 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of...
KLA11055 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. An incorrect handling of...
KLA11060 Multiple vulnerabilities in Microsoft Windows Hyper-V
Multiple serious vulnerabilities have been found in Microsoft Windows Hyper-V. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code and cause a denial of service. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related ...
KLA11078 ACE vulnerability in Microsoft .NET Framework
An improper input validation on library load was found in Microsoft .NET. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally via a specially designed application. Technical details To exploit this vulnerability, a malicious use...
KLA11021 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details, see KLA10993. Original advisories ADV170004 Related products Microsoft-Windows CVE list KB list 4018483 Solution Install necessary updates from the KB section, that are listed in your Windo...
KLA11061 Information disclosure vulnerability in Microsoft Windows
An incorrect handling of objects in memory has been found in libjpeg image-processing library functionality used in Microsoft Windows. Malicious users can exploit this vulnerability to obtain sensitive information. This vulnerability can be exploited remotely by convincing a user to run a special...
KLA10992 Multiple vulnerabilities in Adobe Acrobat and Adobe Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and possibly cause a denial of service. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities in the XML Forms...
KLA10994 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service and spoof the user interface. Below is a complete list of vulnerabilities: 1. Memory corruption...
KLA10996 ACE Vulnerability in Foxit Reader
A heap-based buffer overflow vulnerability was found in Foxit Reader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a large SamplesPerPixel value in a crafted TIFF image. Original advisories Foxit bulletin Related...
KLA10999 Arbitrary code execution vulnerability in Microsoft IIS
CVSS: 10.0 Detect date: 03/22/2017 Severity: Critical Description: A buffer overflow vulnerability was found in the WebDAV service in IIS Internet Information Services 6.0 in Microsoft Windows Server 2003 R2. By exploiting this vulnerability malicious users can execute arbitrary code or cause a...
KLA10971 Vulnerability in Mozilla Firefox and Mozilla Firefox ESR
An integer overflow vulnerability was found in Mozilla Firefox and Mozilla Firefox ESR. By exploiting this vulnerability malicious users can possibly obtain sensitive information and cause a denial of service. This vulnerability can be exploited remotely via experimental extensions. NB: This...
KLA10991 Privilege escalation vulnerability in Adobe Shockwave Player
An unspecified vulnerability was found in the Adobe Shockwave Player. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via DLL hijacking. Original advisories Adobe Security Bulletin Related products Adobe-Shockwave-Player CVE lis...
KLA10978 Multiple vulnerabilities in Windows Uniscribe
Multiple serious vulnerabilities have been found in Windows Uniscribe. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of objects in memory can be exploited remotely vi...
KLA10988 Information disclosure vulnerability in Windows DirectShow
An improper handling of objects in memory was found in Windows DirectShow. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories MS17-021 CVE-2017-0042 Related products...
KLA10974 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details, see KLA10973. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA11037 Arbitrary code execution vulnerability in VMware products
An out-of-bounds memory access vulnerability in the DnD drag-and-drop function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstatio...
KLA10967 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure...
KLA10998 Information disclosure vulnerability in Microsoft Windows Media Player
An improper handling of objects in memory was found in Microsoft Windows Media Player. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories Microsoft Security Update...
KLA11833 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows Graphics Component can be...
KLA10981 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper sanitizing of a...
KLA10973 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A buffer overflow/underflow vulnerability in the Primetime TVSDK can...
KLA10989 Information disclosure vulnerability in Microsoft XML Core Services
An improper handling of objects in memory was found in Microsoft XML Core Services MSXML. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories MS17-022 CVE-2017-0022 Related...
KLA10986 Information disclosure vulnerability in Microsoft Active Directory Federation Services
An improper honoring of XML External Entities was found in Microsoft Active Directory Federation Services ADFS. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request. Original advisories...