6867 matches found
Microsoft Internet Explorer CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Microsoft SharePoint CVE-2012-1861 HTML Injection Vulnerability
Description Microsoft SharePoint is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication...
Microsoft SharePoint Search Scope Information Disclosure Vulnerability
Description Microsoft SharePoint is prone to a remote information-disclosure vulnerability. Attackers can leverage this issue to tamper with and access information about user search scopes. Information obtained may aid in further attacks. Technologies Affected Microsoft Office SharePoint Server...
Microsoft Windows TLS Protocol CBC Mode Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information disclosure vulnerability that occurs because of a design error in the TLS protocol when the cipher-block chaining CBC mode of operation is used. An attacker can exploit this issue to gain access to sensitive information that may aid in...
Microsoft Office for Mac Improper Folder Permissions Local Privilege Escalation Vulnerability
Description Microsoft Office for Mac is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with administrator privileges, resulting in a complete compromise of the affected computer. Microsoft Office for Mac 2011 is vulnerable...
Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft SharePoint 'scriptresx.ashx' Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
Description Microsoft Data Access Components MDAC are prone to a heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed...
Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft SharePoint CVE-2012-1862 URI Redirection Vulnerability
Description Microsoft SharePoint is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link,...
Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Symantec Message Filter Security Issues
SUMMARY Symantecs Message Filter management interface, the Brightmail Control Center, is susceptible to a number of security concerns resulting from improper input validation and authentication. Successful exploitation of these issues could result in unauthorized privileged access to the...
Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...
Microsoft Internet Explorer CVE-2012-1872 EUC-JP Character Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Intern...
Microsoft Internet Explorer CVE-2012-1881 'OnRowsInserted' Event Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Lync CVE-2012-1849 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Lync is prone to vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link Library...
Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft .NET Framework Function Pointer Execution Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition...
Microsoft Internet Explorer CVE-2012-1873 Null Byte Handling Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 8 Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows CVE-2012-1867 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft XML Core Services versions 3.0,...
Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Microsoft Lync are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Groove Server 2010 Microsoft Groove Server 2010 SP1...
Microsoft Remote Desktop Protocol CVE-2012-0173 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code with full user-level privileges. This may facilitate a complete system compromise. Failed attacks may cause denial-of-service...
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer Scrolling Events Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...
Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows CVE-2012-1865 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Intel CPU Hardware Local Privilege Escalation Vulnerability
Description 64-bit operating systems and virtualization software running on Intel CPU hardware are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to escalate privileges and execute arbitrary code with kernel-level privileges or to do a guest-to-host virtual...
Microsoft Windows 'Win32k.sys' CVE-2012-1868 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Dynamic AX Enterprise Portal Cross Site Scripting Vulnerability
Description Microsoft Dynamic AX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows CVE-2012-1864 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows CVE-2012-1866 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
Description Oracle Java SE is prone to a remote code execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Hotspot' sub-component. This vulnerability affects the following supported versions: 7 Update 4, 6 Update 3...
Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1523 Center Element Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Symantec Endpoint Protection Multiple Issues
SUMMARY Specific versions of the Symantec Endpoint Protection Management Console in Symantec Endpoint Protection 11.x and Symantec Network Access Control 11.x are susceptible to a potential local access elevation of privilege. The Management Console in Symantec Endpoint Protection 12.1 is...
Symantec Endpoint Protection Manager 11.x Denial of Service
SUMMARY Versions of Symantec Endpoint Protection Manager 11.0 running the Network Threat Protection module on Windows Server 2003 are susceptible to a Denial of ServiceDoS. Successful exploitation could potentially result in the system hosting Symantec Endpoint Protection Manager becoming...
Symantec Web Gateway Multiple Security Issues
SUMMARY Symantecs Web Gateway management GUI is susceptible to file include command injection/execution, file upload/execution and file download/deletion security issues. The management GUI is also susceptible to cross-site scripting XSS. Successful exploitation could result in execution of...
Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Word CVE-2012-0183 RTF Data Handling Remote Memory Corruption Vulnerability
Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to run a malicious .NET application or visit a site that hosts the malicious content as an Extensible Application Markup Language XAML...
Microsoft Windows CVE-2012-1848 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft GDI+ CVE-2012-0167 EMF Image Processing Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code with the privileges of the...
Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability that occurs when an application using the library tries to process a specially crafted Enhanced Metafile EMF image. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently...
Microsoft Windows Firewall CVE-2012-0174 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability that affects the TCP/IP stack 'tcpip.sys' component. An attacker can exploit this issue to bypass firewall restrictions of the system, that may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 SP1...