6867 matches found
Microsoft Windows TLS Protocol CBC Mode Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information disclosure vulnerability that occurs because of a design error in the TLS protocol when the cipher-block chaining (CBC) mode of operation is used. An attacker can exploit this issue to gain access to sensitive information that may aid in...
Microsoft SharePoint 'scriptresx.ashx' Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows File/Directory Names Handling Arbitrary Command Injection Vulnerability
Description Microsoft Windows is prone to a remote command-injection vulnerability that affects the Windows Shell component because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may...
Microsoft SharePoint CVE-2012-1862 URI Redirection Vulnerability
Description Microsoft SharePoint is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link,...
Microsoft SharePoint Search Scope Information Disclosure Vulnerability
Description Microsoft SharePoint is prone to a remote information-disclosure vulnerability. Attackers can leverage this issue to tamper with and access information about user search scopes. Information obtained may aid in further attacks. Technologies Affected Microsoft Office SharePoint Server...
Microsoft Internet Explorer CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft SharePoint CVE-2012-1861 HTML Injection Vulnerability
Description Microsoft SharePoint is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication...
Microsoft Internet Explorer CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Conferencing...
Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
Description Microsoft Data Access Components (MDAC) are prone to a heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed...
Microsoft Visual Basic for Applications DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Visual Basic for Applications is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially...
Symantec Message Filter Security Issues
SUMMARY Symantec's Message Filter management interface, the Brightmail Control Center, is susceptible to a number of security concerns resulting from improper input validation and authentication. Successful exploitation of these issues could result in unauthorized privileged access to the...
Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
SUMMARY Symantec LiveUpdate Administrator 2.3 and prior install some files with insecure file permissions during a default installation. These files allow full control permission to everyone which could result in arbitrary command execution with elevated privileges on the system. AFFECTED PRODUCT...
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows CVE-2012-1864 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Lync CVE-2012-1849 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Lync is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link Library...
Microsoft .NET Framework Function Pointer Execution Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition...
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Windows CVE-2012-1865 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Windows CVE-2012-1867 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2012-1881 'OnRowsInserted' Event Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft XML Core Services versions 3.0,...
Microsoft Dynamic AX Enterprise Portal Cross Site Scripting Vulnerability
Description Microsoft Dynamic AX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Windows 'Win32k.sys' CVE-2012-1868 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2012-1872 EUC-JP Character Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Intern...
Microsoft Internet Explorer Scrolling Events Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...
Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Microsoft Lync are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Groove Server 2010 Microsoft Groove Server 2010 SP1...
Microsoft Remote Desktop Protocol CVE-2012-0173 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code with full user-level privileges. This may facilitate a complete system compromise. Failed attacks may cause denial-of-service...
Microsoft Internet Explorer CVE-2012-1875 Same ID Property Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Oracle Java SE CVE-2012-1723 Remote Code Execution Vulnerability
Description Oracle Java SE is prone to a remote code execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Hotspot' sub-component. This vulnerability affects the following supported versions: 7 Update 4, 6 Update 3...
Microsoft Windows CVE-2012-1866 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1873 Null Byte Handling Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 8 Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1874 Developer Toolbar Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Microsoft Internet Explorer CVE-2012-1523 Center Element Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Internet...
Intel CPU Hardware Local Privilege Escalation Vulnerability
Description 64-bit operating systems and virtualization software running on Intel CPU hardware are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to escalate privileges and execute arbitrary code with kernel-level privileges or to do a guest-to-host virtual...
Symantec Endpoint Protection Multiple Issues
SUMMARY Specific versions of the Symantec Endpoint Protection Management Console in Symantec Endpoint Protection 11.x and Symantec Network Access Control 11.x are susceptible to a potential local access elevation of privilege. The Management Console in Symantec Endpoint Protection 12.1 is...
Symantec Endpoint Protection Manager 11.x Denial of Service
SUMMARY Versions of Symantec Endpoint Protection Manager 11.0 running the Network Threat Protection module on Windows Server 2003 are susceptible to a Denial of Service (DoS). Successful exploitation could potentially result in the system hosting Symantec Endpoint Protection Manager becoming...
Symantec Web Gateway Multiple Security Issues
SUMMARY Symantec's Web Gateway management GUI is susceptible to file include command injection/execution, file upload/execution and file download/deletion security issues. The management GUI is also susceptible to cross-site scripting (XSS). Successful exploitation could result in execution of...
Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft...
Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft Excel Memory Corruption CVE-2012-0142 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
Description Microsoft .NET Framework is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible...
Microsoft Windows Partition Manager Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows Partition Manager 'partmgr.sys'. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of...
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability that occurs when an application using the library tries to process a specially crafted Enhanced Metafile (EMF) image. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently...