Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to sensitive information. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...
Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft IIS FTP Service CVE-2012-2532 Remote Command Injection Vulnerability
Description Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information...
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Excel CVE-2012-1886 Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2530 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the kernel. To exploit this issue, an attacker may entice an unsuspecting user into visiting a malicious webpage. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges...
Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security (CAS) restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0...
Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...
Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
Description Microsoft IIS is prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. Technologies Affected Avaya Conferencing Standard Edition 6.0.1 Microsoft IIS 7.5 Microsoft Windows 7 for...
Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security (CAS) restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...
Symantec Legacy Decomposer CAB File Issues
SUMMARY Symantec's legacy Decomposer engine fails to properly handle bounds checking when parsing files from some versions of CAB archives. This could result in the probability of an application crash in the majority of cases. A successfully crafted malicious CAB file could potentially result in...
Symantec Ghost Solution Suite Memory Corruption
SUMMARY Symantec's Ghost Solution Suite is susceptible to memory corruption issues that could result in an application denial of service or possibly arbitrary code execution. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Ghost Solution Suite | 2.x | Upgrade to the latest...
Microsoft Windows Kernel 'Win32k.sys' Integer Overflow Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Technologies Affected Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0.1 Avaya Communication Server 10...
Microsoft Word PAPX Section Corruption Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which...
Microsoft Works CVE-2012-2550 Word File Handling Remote Memory Corruption Vulnerability
Description Microsoft Works is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsof...
Microsoft SharePoint And Microsoft Lync HTML Sanitization Cross Site Scripting Vulnerability
Description Microsoft SharePoint and Microsoft Lync are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
Microsoft Word RTF File Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user, which can lead to a complete compromise of an affected computer. Technologies Affected Microsoft Office...
Microsoft SQL Server Report Manager CVE-2012-2552 Cross Site Scripting Vulnerability
Description Microsoft SQL Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Technologie...
Microsoft Windows Kerberos CVE-2012-2551 Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. Successful exploits will cause the system to crash, resulting in a denial-of-service condition. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft...
Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Visual Studio Team Foundation Server CVE-2012-1892 Cross Site Scripting Vulnerability
Description Microsoft Visual Studio Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Microsoft System Center Configuration Manager CVE-2012-2536 Cross Site Scripting Vulnerability
Description Microsoft System Center Configuration Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
PGP Universal Server Unauthorized Key Exposure
SUMMARY Symantec's PGP Universal Server, under specific circumstances, may inadvertently expose a PGP client's private key. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- PGP Universal Server | 3.2.x | PGP Universal Server 3.2.1 MP2 ISSUES CVSS2 Base Score | Impact | Exploitability |...
Symantec Messaging Gateway Security Issues
SUMMARY Symantec's Messaging Gateway management console is susceptible to several security issues including cross-site scripting/cross-site request forgery, an SSH account with a default password, file downloads and potential web application modifications. Successful exploitation could result in...
Adobe Acrobat and Reader CVE-2012-2049 Remote Buffer Overflow Vulnerability
Description Adobe Acrobat and Reader are prone to a remote stack-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions...
Microsoft Windows Remote Administration Protocol (RAP) Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability that affects the Windows Remote Administration Protocol (RAP) service. An attacker can exploit this issue to cause the RAP service to stop responding, denying service to legitimate users. Technologies Affected...
Microsoft Windows Print Spooler CVE-2012-1851 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer Layout Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows CVE-2012-2527 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer Virtual Function Table Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Internet Explorer CVE-2012-2521 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows Remote Administration Protocol (RAP) Remote Heap Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote heap-based buffer-overflow vulnerability because the library fails to perform adequate boundary-checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complet...
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adob...
Microsoft Visio Viewer VSD File Format CVE-2012-1888 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Office Memory Corruption CVE-2012-2524 Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Computer Graphics Metafile (CGM) graphics file. Successful exploits may allow attackers to...
Microsoft VBScript And JScript Scripting Engines Integer Overflow Code Execution Vulnerability
Description Microsoft VBScript and JScript scripting engines are prone to a remote code-execution vulnerability due to an integer-overflow error. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run wit...
Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
Microsoft Windows Remote Administration Protocol (RAP) Remote Stack Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because the library fails to perform adequate boundary-checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the comple...
Microsoft Remote Desktop Protocol CVE-2012-2526 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code in the context of the affected process. This may facilitate a complete system compromise. Failed attacks may cause denial-of-servi...
Symantec Web Gateway Security Issues
SUMMARY Symantec's Web Gateway management console is susceptible to multiple security issues that include remote command execution, local file inclusion, arbitrary password change and SQL injection security issues. Successful exploitation could result in unauthorized command execution on or acces...
Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Office for Mac Improper Folder Permissions Local Privilege Escalation Vulnerability
Description Microsoft Office for Mac is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with administrator privileges, resulting in a complete compromise of the affected computer. Microsoft Office for Mac 2011 is vulnerable...