6867 matches found
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the TCP/IP stack component 'tcpip.sys'. An attacker can exploit this issue to gain elevated privileges by executing arbitrary code in the context of another process. Failed exploit attempts may cause...
Microsoft Windows Partition Manager Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows Partition Manager 'partmgr.sys'. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of...
Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers or cause denial of servi...
Microsoft Excel SXLI Record Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Excel 'MergeCells' Record Heap Overflow Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Windows CVE-2012-0180 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...
Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
Description Microsoft .NET Framework is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible...
Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the TrueType Font engine. An attacker can exploit this issue through the Windows Kernel-Mode drivers to execute arbitrary code in kernel mode. The attacker can also exploit this issue through Microsoft...
Microsoft Excel Memory Corruption CVE-2012-0143 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft Silverlight Double-Free CVE-2012-0176 Remote Code Execution Vulnerability
Description Microsoft Silverlight is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies Affected...
Microsoft Excel Memory Corruption CVE-2012-0142 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the...
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will likely result in a denial-of-service condition. Technologies...
Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The following...
PHP 'php-cgi' Information Disclosure Vulnerability
Description PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected...
Oracle JRockit CVE-2012-1695 Remote Security Vulnerability
Description Oracle JRockit is prone to a remote security vulnerability. The vulnerability can be exploited over the 'Multiple' protocol. This vulnerability affects the following supported versions: 28.2.2 and before: JDK/JRE 5 and 6 27.7.1 and before: JKD/JRE 5 and 6 Technologies Affected Oracle...
Microsoft Internet Explorer CVE-2012-0172 VML Style Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Office Works File Converter (CVE-2012-0177) Heap Based Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted '.wps' file...
Microsoft Forefront Unified Access Gateway Information Disclosure Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microso...
Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
Microsoft Internet Explorer CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencin...
Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability
Description The .NET Framework is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will cause denial-of-service conditions. In a web hosting environment,...
Microsoft Internet Explorer CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Windows Authenticode Signature Verification Function Remote Code Execution Vulnerability
Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE file. Successful exploits can allow attacke...
Microsoft Internet Explorer CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Microsoft Forefront Unified Access Gateway URI Open Redirection Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may...
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferenci...
Altiris WISE Package Studio SQL Injections
SUMMARY Symantecs Altiris WISE Package Studio is susceptible to SQL injection attacks. It is possible to execute arbitrary SQL queries on the backend database of a targeted system. AFFECTED PRODUCTS Product | Version | Build | Solution ---|---|---|--- Altiris WISE Package Studio | 8.0 and prior |...
Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability
Description Microsoft Visual Studio is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft Visu...
Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Expression is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link...
Microsoft Remote Desktop Protocol CVE-2012-0002 Remote Code Execution Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code in the context of the affected process. This may facilitate a complete system compromise. Failed attacks may cause denial-of-servi...
Microsoft Windows 'DirectWrite' API Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. Successful exploits will cause the vulnerable applications that use the affected API to crash or become unresponsive, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1...
Microsoft Remote Desktop Protocol Service CVE-2012-0152 Denial of Service Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the target service to stop responding, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2012-0157) Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Description The Microsoft Windows DNS Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the DNS server service to stop responding, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura...
Symantec pcAnywhere awhost32 Denial of Service
SUMMARY A Denial of Service DoS exploit has been publicly released that can temporarily crash the awhost32 service for Symantec pcAnywhere. AFFECTED PRODUCTS Product | Version | Build | Solution ---|---|---|--- | | | Symantec pcAnywhere | 12.5.x | All | Upgrade to the latest release of pcAnywhere...
Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions...
Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...
Microsoft SharePoint 'wizardlist.aspx' Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Visio Viewer VSD File Format CVE-2012-0020 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Visio Viewer VSD File Format CVE-2012-0138 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability because of a use-after-free error in the 'Mshtml.dll' library. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromi...
Microsoft Visio Viewer VSD File Format CVE-2012-0137 Remote Code Execution Vulnerability
Description Microsoft Visio Viewer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
Description Oracle Java SE is prone to a remote code execution vulnerability in Java Runtime Environment. An attacker can exploit this issue to bypass the Java sandbox restriction and execute arbitrary code. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0...
Microsoft Windows Ancillary Function Driver CVE-2012-0149 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya Aura...
Microsoft Internet Explorer CVE-2012-0010 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because it fails to adequately validate user-supplied data during copy and paste operations. An attacker can exploit this issue to view content from a browser window in another domain or securi...
Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...
Microsoft SharePoint 'inplview.aspx' Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Internet Explorer Null Byte Handling Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to view content from the Internet Explorer's process memory. This may allow the attacker to obtain sensitive information or aid in further attacks. Technologies Affected...