Vulnerability in Foxit Reader Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Foxit Reader version 4.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Foxit Software. Foxit...

Safari Content-Disposition Handling Could Allow Cross-site Scripting

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari software version 5.1.5 7534.55.3 for Windows and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affecte...

Vulnerabilities in XnViewer Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of two integer overflow vulnerabilities affecting XnViewer version 1.98.2 and earlier versions. Microsoft discovered and disclosed the vulnerabilities under coordinated vulnerability disclosure to the affected...

Cisco Security Service IPC Message Heap Corruption Could Allow Elevation of Privilege

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability in the Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop software. The vulnerability affects the Host Scan component included in Cisco AnyConnect VPN Clie...

Vulnerability in Foxit Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Foxit Reader software version 5.1.4.0104 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Foxit...

HTML5 Implementation in Chrome, Opera, and Safari Could Allow Information Disclosure

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome browser versions 8.0.552.210 and earlier; Opera browser versions 10.62 and earlier; and Safari browser versions 4.1.2 and earlier, Safari browser versions 5.0.2 and...

Vulnerability in VMware VMCI.sys Could Allow Local Elevation of Privilege

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting VMware Workstation version 8.0.4 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, VMware...

Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting RealNetworks Helix Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed these vulnerabilities under coordinated vulnerability disclosure to th...

Vulnerability in FFmpeg Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting FFmpeg version 0.8.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, FFmpeg. FFmpeg has remediat...

Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting IDA Pro running the IDAPython plugin. By default, the IDAPython plugin is installed with all versions of IDA Pro. Microsoft discovered and disclosed the vulnerability under...

Oracle AutoVue DXF Parsing Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Oracle Autovue software versions 20.1.1 and 20.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Oracle...

Oracle AutoVue DGN Parsing Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Oracle AutoVue software versions 20.1.1 and 20.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Oracle...

Vulnerability in RealNetworks RealPlayer Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting RealNetworks RealPlayer SP version 1.1.4 and earlier and RealPlayer 11.1 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure...

Vulnerability in DjVuLibre Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DjVuLibre software version 3.5.25 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the DjVuLibre project...

Vulnerability in Google Picasa Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Picasa for Windows version 3.6 build 105.61 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendo...

Vulnerabilities in Nullsoft Winamp Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of vulnerabilities affecting Nullsoft Winamp software version 5.623 and earlier. Microsoft discovered and disclosed the vulnerabilities under coordinated vulnerability disclosure to the affected vendor, Nullsof...

Vulnerability in RealNetworks Helix Universal Media Server Could Allow Denial of Service

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting RealNetworks Helix Universal Media Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to...

Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome browser versions prior to 6.0.472.59. Microsoft engineers discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

Memory Corruption in Google SketchUp Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google SketchUp software version 8.0.11752.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

Vulnerability in Google Chrome Could Allow Local Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google Chrome version 17.0.963.79 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Googl...

Vulnerability in Apple Safari Could Allow Information Disclosure

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple Safari version 5.05 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Apple Inc. Apple Inc...

Vulnerability in VMware OVF Tool Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting VMware OVF Tool software version 2.1 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

Vulnerability in WordPress Could Allow Cross-Domain Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting WordPress version 3.1.2 and earlier, both as the cloud service from WordPress.com as well as the installable software available from WordPress.org. Microsoft discovered and disclose...

Apple QuickTime MPEG Parsing Memory Corruption

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple QuickTime Player software version 7.7.1 and earlier verisons. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.2 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuke...

Vulnerabilities in SumatraPDF Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting SumatraPDF Reader software version 2.0.1 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...

Vulnerability in Lenovo ThinkPad Bluetooth with Enhanced Data Rate Software Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Lenovo ThinkPad Bluetooth with Enhanced Data Rate Software version 6.4.0.2900 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...

Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting FFmpeg version 0.8.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, FFmpeg. FFmpeg has remediat...

Vulnerability in Cisco WebEx Player Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Cisco WebEx Player. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Cisco. Cisco has remediated the...

Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.0 through version 6.0.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuk...

Vulnerability in Google SketchUp Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Google SketchUp version 7.1 Maintenance Release 2 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor...

Vulnerability in Wireshark Allows For Arbitrary Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Wireshark version 1.6.1 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Wireshark. Wireshark has...

Vulnerability in Wireshark Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Wireshark version 1.6.0 and earlier. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Wireshark. Wireshark has...

JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting OpenJPEG software version 1.4 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, OpenJPEG...

Vulnerability in RealNetworks RealPlayer RichFX Component Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting RealNetworks RealPlayer SP version 1.1.4 and earlier, RealPlayer 11.1 and earlier, and RealPlayer Enterprise 2.1.2 and earlier. Microsoft discovered and disclosed the vulnerability...

Vulnerabilities in Ektron CMS Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of two vulnerabilities affecting Ektron Web Content Management System CMS. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Ektron. Ektron...

Cisco Security Service File Verification Bypass Could Allow Elevation of Privilege

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability in the Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop software. The vulnerability affects the Host Scan component included in Cisco AnyConnect VPN Clie...

Memory Corruption in Symantec Ghost Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Symantec Ghost Solutions Suite SGSS 2.5.1, build 11.5.1.2266 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to...

Memory Corruption in QuickTime Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Apple QuickTime software version 7.7.2 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

Vulnerability in NVIDIA Stereoscopic 3D Driver Could Allow Elevation of Privilege

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting the NVIDIA Stereoscopic 3D driver. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, NVIDIA. NVIDIA has...

Memory Corruption in Nitro Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Nitro Pro version 7.5.0.29 and earlier versions and Nitro Reader version 2.5.0.45 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...

Vulnerability in SumatraPDF Reader Could Allow Remote Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting SumatraPDF Reader version 2.1.1 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor,...

Clickjacking Vulnerability in Facebook.com Could Allow Account Compromise

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting the popular social networking site, Facebook.com. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, Facebook In...

Vulnerability in LongTail Video JW Player Could Allow Cross-Site Scripting

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting LongTail Video JW Player software version 5.9.2145 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the...

Vulnerabilities in FFmpeg Libavcodec Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of three vulnerabilities in the FFmpeg codec library software version 0.10 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected...

Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting Nitro Pro version 7.5.0.22 and earlier versions and Nitro Reader version 2.5.0.36 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated...