6867 matches found
Microsoft Internet Explorer CVE-2014-0282 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability due to a use-after-free condition. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service...
Microsoft Internet Explorer CVE-2014-1781 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet Explorer ...
Microsoft SharePoint CVE-2014-1754 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Internet Explorer CVE-2014-1755 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing...
Microsoft Internet Explorer CVE-2014-0270 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya CallPilot 4.0 Avaya...
Microsoft Internet Explorer CVE-2014-0278 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya CallPilot 4.0 Avaya...
Microsoft Office WPD File Processing CVE-2013-1325 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Internet Explorer CVE-2013-3916 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8, 9, 10, and 11 ar...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3881 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...
Microsoft Excel CVE-2013-3890 Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Excel 2007 SP3 Microsoft...
Microsoft Word CVE-2013-3854 Remote Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Word CVE-2013-3848 Remote Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Internet Explorer CVE-2013-3187 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 and 10 are...
Symantec Web Gateway Security Issues
SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to security issues. Successful exploitation could result in unauthorized command execution on or access to the management console, or the appliance itself. There is also potential for unauthorized database manipulation...
Microsoft Internet Explorer CVE-2013-3152 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 10 is affected...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-1340 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Internet Explorer CVE-2013-3141 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8 and 9 are affecte...
Microsoft Windows CVE-2013-1286 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows 'Win32k.sys' CVE-2013-1256 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1263 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1252 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...
Microsoft Silverlight Double-Free CVE-2012-0176 Remote Code Execution Vulnerability
Description Microsoft Silverlight is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies Affected...
Microsoft Internet Explorer CVE-2012-0172 VML Style Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Windows CSRSS CVE-2011-3408 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with administrator privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya Aura...
Adobe Flash Player CVE-2011-2452 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions...
Microsoft Forefront Unified Access Gateway (CVE-2011-1895) HTTP Response Splitting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could ai...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1885) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...
Microsoft Windows Distributed File System Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. The issue affects the Windows Distributed File System DFS. An attacker can exploit this issue by sending a specially crafted DFS response to the affected application. Successfully exploiting this issue allows an...
Microsoft Excel Out of Bounds WriteAV CVE-2011-1279 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a boundary condition error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft PowerPoint (CVE-2011-1270) Remote Buffer Overflow Vulnerability
Description Microsoft PowerPoint is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. Technologies Affected...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1239) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free condition. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kerberos Encryption Standard Spoofing Vulnerability
Description The Microsoft Windows implementation of Kerberos is prone to a security vulnerability that may allow attackers to downgrade the cipher suite. Successful exploits may allow attackers to change the default encryption standard to DES. This may allow attackers to read and forge all Kerber...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0087) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Multiple Symantec Intel Alert Management System Arbitrary Message Creation or Denial of Service
SUMMARY Symantec was notified of a improper message handling procedures in the Intel Alert Management System AMS2 that can be used to send arbitrary messages or kill the Intel Alert Handler service. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition...
Microsoft Data Access Components Data Source Name Buffer Overflow Vulnerability
Description Microsoft Data Access Components MDAC are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will...
Microsoft Excel Merge Cell Record Pointer (CVE-2010-3237) Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Word (CVE-2010-3214) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft WordPad Text Converter Word 97 File Parsing Memory Corruption Vulnerability
Description Microsoft WordPad Text Converter is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions. Technologies...
Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability in the Client/Server Run-time Subsystem CSRSS. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits may result in the complete compromise of affected...
Symantec Security Expressions Cross-site Scripting and HTML Injection Vulnerability
SUMMARY Symantecs SecurityExpressions Audit and Compliance Server is susceptible to a cross-site scripting and HTML injection vulnerability. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- SecurityExpressions Audit and Compliance Server | 4.1 4.1.1 | 4.1.1 KB49452 Hotfix 1 Note:...
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built with the affected library. Technologies Affected...
Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are...
Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...
Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete...
Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
Description Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying...
Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
Description Multiple image editors are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successful exploits allow remote attackers to execute arbitrary machine code i...
Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation. A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers. Technologies...
Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability
Description Microsoft Office and Microsoft Windows RichEdit component are prone to a remote code-execution vulnerability. This issue occurs when malformed Rich Text Files RTF are processed. An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerabilit...
Apple Mac OS X Archive Metadata Command Execution Vulnerability
Description Apple Mac OS X is prone to an arbitrary command-execution vulnerability when processing metadata in archive files. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this...
Symantec LiveUpdate for Macintosh Local Privilege Escalation
SUMMARY Risk Impact Medium Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Product | Version | Build | Language | Solution ---|---|---|---|--- LiveUpdate for Macintosh | 3.0.0 | All | All | Live Update Patch 3.0.1 | All...