Microsoft Windows 'Win32k.sys' CVE-2013-1252 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Windows Kernel CVE-2013-1279 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...

Microsoft Internet Explorer Shift JIS Character CVE-2013-0015 Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Internet Explorer 6, 7, 8, and 9 are vulnerable. Technologies Affected Avaya Aura Conferencing 6.0 Avaya...

Microsoft Internet Explorer CDispNode Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Windows 'Win32k.sys' CVE-2013-1277 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Windows 'Win32k.sys' CVE-2013-1276 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Windows 'Win32k.sys' CVE-2013-1275 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Windows 'Win32k.sys' CVE-2013-1261 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Windows 'Win32k.sys' CVE-2013-1272 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Microsoft Internet Explorer pasteHTML Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer COmWindowProxy Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Windows NFS Server NULL Pointer Dereference Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability that affects its NFS server. Successful exploits will allow attackers to cause the affected computer to stop responding and reboot, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing...

Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution Vulnerability

Description Microsoft Windows Object Linking and Embedding OLE Automation is prone to a remote code-execution vulnerability due to an integer overflow error. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage or a specially crafted file. Successful...

Microsoft Windows TCP/IP TCP FIN WAIT CVE-2013-0075 Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows attackers to restart the affected system, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Conferencing 6.0.0...

Adobe Acrobat And Reader CVE-2013-0640 Remote Code Execution Vulnerability

Description Adobe Acrobat and Reader are prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or to crash the application. Limited information is known about this issue. We will...

Microsoft Windows 'Win32k.sys' CVE-2013-1264 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya...

Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability

Description Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies...

Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability

Description Adobe Flash Player is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions. Technologies Affected Adobe Flash Player 10 Adobe Flash Player 10.0.12 .35 Adobe...

Oracle Java SE CVE-2013-0431 Remote Java Runtime Environment Vulnerability

Description Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'JMX' sub-component. This vulnerability affects the following supported versions: 7 Update 11 and prior Note: This issue wa...

MantisBT CVE-2013-1934 HTML Injection Vulnerability

Description MantisBT is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied data. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...

Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities

Description Oracle Java Runtime Environment is prone to multiple remote code execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application. Versions prior to Oracle JRE 1.7.0 Update 11 are vulnerable. Technologies Affected CentOS CentO...

Microsoft .NET Framework CVE-2013-0001 Information Disclosure Vulnerability

Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security CAS restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...

Microsoft XML Core Services CVE-2013-0007 Remote Code Execution Vulnerability

Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Expression...

Microsoft System Center Operations Manager CVE-2013-0009 Cross Site Scripting Vulnerability

Description Microsoft System Center Operations Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges within the context of the application; this results in complete control of the affected system. Technologies Affected Microsoft .NET...

Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability

Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges; this may result in the attacker gaining complete control of the affected system. Technologies Affected Microsoft .NET Framework 1.0...

Microsoft Windows Print Spooler Service CVE-2013-0011 Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler Service. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for...

Microsoft System Center Operations Manager CVE-2013-0010 Cross Site Scripting Vulnerability

Description Microsoft System Center Operations Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability

Description The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges on the affected computer. Technologies Affected Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.0 SP1 Microsoft .NET Framework 1.0...

Microsoft OData CVE-2013-0005 Denial of Service Vulnerability

Description The Microsoft OData specification is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users. Technologies Affected Microsoft Management OData IIS Extension Microsof...

Microsoft XML Core Services CVE-2013-0006 Remote Code Execution Vulnerability

Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Expression...

Microsoft Windows SSLv3/TLS CVE-2013-0013 Security Bypass Vulnerability

Description Microsoft Windows is prone to a security-bypass vulnerability when handling the SSL version 3 SSLv3 and TLS protocols. To exploit this issue, an attacker must inject specially crafted content into an SSL/TLS session by performing man-in-the-middle attacks. Successful exploits may allo...

Microsoft Windows CVE-2013-0008 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...

Adobe Acrobat and Reader CVE-2013-0604 Remote Heap Based Buffer Overflow Vulnerability

Description Adobe Acrobat and Reader are prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Note...

Microsoft Internet Explorer 'CDwnBindInfo' Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Symantec Enterprise Security Manager Manager/Agent Local Elevation of Privilege

SUMMARY Symantecs Enterprise Security Manager ESM for Windows has an unquoted search path in the Manager and Agent components. This could allow a non-privileged local user, able to successfully insert arbitrary code in the root path, to potentially execute their code with elevated privileges duri...

Microsoft Windows IP-HTTPS Server Revoked SSL Certificate Validation Security Bypass Vulnerability

Description Microsoft Windows is prone to a security-bypass vulnerability that affects the IP-HTTPS server component. Successful exploits may allow attackers to perform man-in-the-middle attacks or impersonate trusted clients, which will aid in further attacks. To exploit this issue an attacker...

Microsoft Windows CVE-2012-4774 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies Affected...

Microsoft Internet Explorer InjectHTMLStream Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft DirectX DirectPlay CVE-2012-1537 Heap Overflow Remote Code Execution Vulnerability

Description Microsoft DirectX is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted office documents. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user runnin...

Microsoft Windows TrueType Font CVE-2012-4786 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft...

Microsoft Word RTF File 'listoverridecount' Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which can lead to a complete compromise of the affected computer. Technologies Affected Microsoft Office...

Microsoft Windows OpenType Font (OTF) Driver CVE-2012-2556 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in the kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft...

Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Exchange Server RSS Feed Remote Denial of Service Vulnerability

Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. Successful exploits will allow attackers to cause the affected computer to become unresponsive, denying service to legitimate users. Technologies Affected Microsoft Exchange Server 2007 SP 1 Microsoft...

Microsoft Internet Explorer Improper Ref Counting Use-After-Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Symantec Endpoint Protection Management Consoles Multiple Issues

SUMMARY The management console in Symantec Endpoint Protection Manager SEPM and Symantec Protection Center SPC for SEP 12.0 Small Business Edition, contains PHP scripts that do not properly validate external input. This could potentially result in remote code execution. Symantec Network Access...

Symantec Updates HP Autonomy Keyview Filter Issues Affecting Multiple Vendors

SUMMARY Multiple security issues have been identified in HP Autonomy's Keyview Content Filter libraries. Symantec has updated the Keyview modules being shipped with Symantec products in response to these issues. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail...

Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...