21761 matches found
Azure Sphere Elevation of Privilege Vulnerability
...
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R AppVLP handles certain files. An attacker who successfully exploited the vulnerability could elevate privileges. To exploit this vulnerability, an attacker would need to convince a user to open a...
Windows Text Services Framework Information Disclosure Vulnerability
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow a...
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need cod...
Microsoft Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, an attacker would have to eithe...
OneDrive for Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...
Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would first have to log on ...
Microsoft Office SharePoint XSS Vulnerability
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Microsoft SharePoint Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...
Windows Backup Engine Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. The securi...
Microsoft SharePoint Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...
Windows Update Stack Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or...
Windows Sync Host Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. To...
Windows Address Book Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files. To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB. After successfully exploiting the vulnerability, an attacker coul...
Windows Runtime Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted...
VBScript Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...
Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could...
Microsoft Outlook Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the target...
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used ...
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would...
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by entici...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Microsoft Dynamics Business Central/NAV Information Disclosure
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that are in a...
Microsoft SharePoint Spoofing Vulnerability
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
DirectX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with...
Microsoft Exchange Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server. This could allow the attacker to perform activities such as accessing the mailboxes of other...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Microsoft Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this...
Microsoft PowerPoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Git for Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...
Git for Visual Studio Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wit...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...
Azure Stack Spoofing Vulnerability
A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources. An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stac...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Windows Modules Installer Service Information Disclosure Vulnerability
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk. To exploit the vulnerability, an attacker would have to log onto an...
Remote Desktop Client Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...
Windows Error Reporting Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to...
Windows Imaging API Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would ha...
VBScript Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...
MS XML Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could hos...
Windows Text Service Framework Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows Text Service Framework TSF when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm...
Microsoft SharePoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint...
Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating syste...
Chakra Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...