21767 matches found
Windows PDF Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Scripting Engine Information Disclosure Vulnerability
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an...
Microsoft Outlook Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Outlook fails to properly validate authentication requests. To exploit the vulnerability an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. Alternatively the attacker could...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...
Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicio...
Windows Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication. To exploit this vulnerability, an attacker could run a specially...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSyste...
Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerabilit...
Windows SMB Denial of Service Vulnerability
A denial of service vulnerability exists in the Microsoft Server Block Message SMB when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit...
Windows DNS Server Denial of Service Vulnerability
A denial of service vulnerability exists in Windows DNS Server if the server is configured to answer version queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive. An attacker could exploit this vulnerability by sending...
Dxgkrnl.sys Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploite...
Windows SMB Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To explo...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows SMB Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To explo...
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The...
Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System. An attacker could then install programs; view, change, or delete data; or create new...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Windows GDI Information Disclosure Vulnerability
A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...
Windows Graphics Component Remote Code Execution Vulnerability
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...
Windows GDI Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Microsoft Color Management Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Color Management Module ICM32.dll handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR Address Space Layout Randomization on a targeted system. By itself, the information...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
Microsoft Excel Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
Microsoft Lync for Mac Certificate Validation Vulnerability
A security feature bypass exists when the Lync for Mac 2011 client fails to properly validate certificates. An attacker who successfully exploited this vulnerability could tamper with trusted communications between the server and target client. To exploit the vulnerability, an attacker would need...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft browser XSS filter is abused to leak sensitive page information. An attacker who successfully exploited the vulnerability could obtain sensitive information from certain web pages. To exploit the vulnerability, an attacker would ha...
GDI+ Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...
September 2016 Adobe Flash Security Update
This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB16-29: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-428...
Microsoft Browser Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...
Windows Virtual PCI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Virtual PCI VPCI virtual service provider VSP fails to properly handle uninitialized memory. An attacker who successfully exploited this vulnerability could potentially disclose contents of memory to which the attacker should not hav...
Windows NetLogon Memory Corruption Remote Code Execution Vulnerability
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. To exploit the...
Windows PDF Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user. To exploit the vulnerability, an attacker would have to trick the user...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...
Windows Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Graphics Component GDI32.dll fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited this...
Windows PDF Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user. To exploit the vulnerability, an attacker would have to trick the user...
DirectX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Windows Graphics Component Remote Code Execution Vulnerability
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
net: skbuff: propagate shared-frag marker through frag-transfer helpers
...
Windows Netlogon Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...
Windows Hyper-V Elevation of Privilege Vulnerability
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally...
Windows Setup Files Cleanup Elevation of Privilege Vulnerability
...