6867 matches found
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3865 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...
Microsoft Word CVE-2013-3857 Remote Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Internet Explorer CVE-2013-3193 Use After Free Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a use-after-free memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 an...
Microsoft Internet Explorer CVE-2013-3124 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 is affected...
Microsoft Publisher CVE-2013-1327 Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability because it fails to properly validate the signature of a specially crafted XML file. Attackers can exploit this issue to bypass XML digital signature validation and spoof XML content by conducting man-in-the-middle...
Microsoft SharePoint CVE-2013-0085 Denial of Service Vulnerability
Description Microsoft SharePoint is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive, denying service to legitimate users. Technologies Affected Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Server 2010...
Microsoft Windows CVE-2013-1287 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2013-0089 Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows 'Win32k.sys' CVE-2013-1267 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows SSLv3/TLS CVE-2013-0013 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability when handling the SSL version 3 SSLv3 and TLS protocols. To exploit this issue, an attacker must inject specially crafted content into an SSL/TLS session by performing man-in-the-middle attacks. Successful exploits may allo...
Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability
Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges on the affected computer. Technologies Affected Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.0 SP1 Microsoft .NET Framework 1.0...
Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges within the context of the application; this results in complete control of the affected system. Technologies Affected Microsoft .NET...
Symantec Ghost Solution Suite Memory Corruption
SUMMARY Symantecs Ghost Solution Suite is susceptible to memory corruption issues that could result in an application denial of service or possibly arbitrary code execution. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Ghost Solution Suite | 2.x | Upgrade to the latest...
Microsoft Word PAPX Section Corruption Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which...
Microsoft Internet Explorer CVE-2012-1881 'OnRowsInserted' Event Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...
Microsoft Internet Explorer Uninitalized Object CVE-2011-1993 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Microsoft Forefront Unified Access Gateway Null Session Cookie Denial of Service Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the web server of the affected application, denying service to legitimate users. Technologies Affected Microsoft Forefront Unified Access Gateway...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1881) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Adobe Acrobat and Reader CVE-2011-2096 Remote Heap Buffer Overflow Vulnerability
Description Adobe Acrobat and Reader are prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to 10.1 are affected. Technologies...
Microsoft Excel Heap Memory Corruption CVE-2011-1275 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Adobe Flash Player CVE-2011-0619 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1238) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1242) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Office TIFF Image Converter (CVE-2010-3947) Heap Based Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document containing a special...
Microsoft Internet Explorer CVE-2010-3348 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Word Bookmark Handling (CVE-2010-3216) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Word (CVE-2010-3217) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel CVE-2010-1251 Record Parsing Stack Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Symantec Altiris Deployment Solution dbmanager Denial of Service
SUMMARY Symantecs Altiris Deployment Solution is susceptible to a denial of service which can temporarily halt deployment solution activity. An attacker would need to be on the network segment to effectively implement the denial of service. AFFECTED PRODUCTS Product | Version | Build | Solutions...
Multi-Vendor Autonomy KeyView Filter Module OLE Document Processing Overflow
SUMMARY Symantec products that ship a third-party Autonomy KeyView filter have updated the module to address a vulnerability in the processing of specifically crafted OLE documents reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symante...
Microsoft DirectX DirectShow AVI File Parsing Remote Code Execution Vulnerability
Description Microsoft DirectX is prone to a remote code-execution vulnerability. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running an application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition...
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
Description Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions. Technologies...
Sun Java SE November 2009 Multiple Security Vulnerabilities
Description Sun has released updates to address multiple security vulnerabilities in Java SE. Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges, execute arbitrary code, and cause denial-of-service conditions. Other...
Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. The vulnerability is caused by an integer-underflow issue. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will...
Microsoft GDI+ Malformed Office BMP File Integer Overflow Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes BMP files in Microsoft Office documents. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user...
Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
Description Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects...
Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
Description Microsoft Internet Information Services IIS is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication. An attacker can exploit this issue to gain unauthorized access to protect...
Microsoft PowerPoint Sound Data (CVE-2009-0225) Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious PowerPoint 95 file. Successfully exploiting this issue can allow the attacker to execute arbitrary code in the context of the currently...
Microsoft PowerPoint Sound Data (CVE-2009-0223) Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...
Symantec Reporting Server Improper URL Handling Exposure
SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...
Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM NT LAN Manager credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...
Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability
Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...