Microsoft Internet Explorer 'SwapNode()' CVE-2011-2000 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...

Microsoft Forefront Unified Access Gateway (CVE-2011-1897) Cross-Site Scripting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Microsoft Forefront Unified Access Gateway 'MicrosoftClient.Jar' Remote Code Execution Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a remote code-execution vulnerability. Successful exploits will allow attackers to execute arbitrary code in the context of the logged-in user. Technologies Affected Microsoft Forefront Unified Access Gateway 2010 Microsoft...

Microsoft Forefront Unified Access Gateway Null Session Cookie Denial of Service Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the web server of the affected application, denying service to legitimate users. Technologies Affected Microsoft Forefront Unified Access Gateway...

Microsoft Windows Kernel '.fon' Font File Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malformed file on a remote network share. Successful exploits can allow attackers to execute arbitrary code with kernel-level...

Microsoft Internet Explorer 'Jscript9.dll' CVE-2011-1998 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...

Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aur...

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-2011) Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a NULL-pointer dereference error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the...

Microsoft Forefront Unified Access Gateway (CVE-2011-1895) HTTP Response Splitting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could ai...

Microsoft Silverlight & .NET Framework Inheritance Restriction Remote Code Execution Vulnerability

Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...

Microsoft Forefront Unified Access Gateway (CVE-2011-1896) Cross-Site Scripting Vulnerability

Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Multi-Vendor Autonomy Verity Keyview Filter Multiple Issues

SUMMARY Multiple sources have identified several security issues in Autonomys Verity Keyview Content Filter libraries. Symantec has updated the Keyview modules being shipped with Symantec products to address these issues. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|---...

Symantec IM Manager Administrator Console Multiple Issues

SUMMARY Symantec IM Manager is vulnerable to Code Injection, Cross-Site Scripting and SQL Injection. Successful exploitation of these vulnerabilities could result in injection/execution of arbitrary code in the context of the browser or the application. AFFECTED PRODUCTS Product | Version |...

Microsoft Excel Malformed Object CVE-2011-1986 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft Excel Malformed Record CVE-2011-1988 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft Office 'MSO.dll' Uninitialized Pointer (CVE-2011-1982) Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel Array Index CVE-2011-1990 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft Excel Array Indexing 'iax' Field Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft Excel Conditional Expression CVE-2011-1989 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers could exploit this issue by enticing victims to open a maliciously crafted Excel file. Successful exploits will allow attackers to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft SharePoint CVE-2011-1893 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Microsoft SharePoint 'EditForm.aspx' CVE-2011-1890 Script Injection Vulnerability

Description Microsoft SharePoint is prone to a script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow...

Microsoft SharePoint Calendar CVE-2011-0653 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Microsoft SharePoint Contact Details Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Microsoft Office Shared Component CVE-2011-1980 DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft Office is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Libra...

Microsoft SharePoint XML Handling Remote File Disclosure Vulnerability

Description Microsoft SharePoint is prone to a vulnerability that lets attackers access local files. An attacker can exploit this vulnerability to retrieve local files from a vulnerable computer in the context of the vulnerable service. Information obtained may aid in further attacks. Technologie...

Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting

SUMMARY The web console in the Symantec Endpoint Protection Manager 11.0 RU6 and maintenance packs based on RU6 are vulnerable to instances of cross-site scripting and cross-site request forgery that could lead to arbitrary code execution. AFFECTED PRODUCTS Product | Version | Build | Solutions...

Microsoft Windows NDISTAPI CVE-2011-1974 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...

Microsoft Internet Explorer Shift JIS Character Encoding Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information that m...

Microsoft Windows DNS Server Uninitialized Memory Remote Denial of Service Vulnerability

Description The Microsoft Windows DNS Server is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the DNS server service to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows Server 2003 Datacenter Edition...

Microsoft Internet Explorer Event Handlers Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information that m...

Microsoft Windows TCP/IP ICMP CVE-2011-1871 Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to restart the affected system, therefore denying service to legitimate users. Technologies Affected Avaya Conferencing Standard Edition 6.0 Avaya Conferencing Standard Edition 6...

Microsoft Visio CVE-2011-1972 Remote Code Execution Vulnerability

Description Microsoft Visio is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...

Microsoft Visio CVE-2011-1979 Remote Code Execution Vulnerability

Description Microsoft Visio is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...

Microsoft Windows Kernel CVE-2011-1971 Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users. Technologies Affected Avaya Aura Conferencing 6.0 Standard Microsoft Windows 7 for 32-bit Systems Microsof...

Microsoft .NET Framework Chart Control Information Disclosure Vulnerability

Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Attackers can exploit this issue by submitting a specially crafted request to a vulnerable...

Microsoft Internet Explorer Telnet URI Handler Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a vulnerability that lets attackers execute arbitrary remote code. An attacker can exploit this issue by enticing a legitimate user to use a vulnerable version of the application to access an HTML file from a network share location that contains...

Microsoft Visual Studio Report Viewer Control Multiple Cross Site Scripting Vulnerabilities

Description Microsoft Visual Studio is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

Microsoft Remote Desktop Protocol CVE-2011-1968 Denial of Service Vulnerability

Description Microsoft Remote Desktop Protocol is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to shut down or restart the affected system, therefore denying service to legitimate users. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 5.0 Avaya...

Microsoft Remote Desktop Web Access CVE-2011-1263 Cross Site Scripting Vulnerability

Description Microsoft Remote Desktop Web Access is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

Microsoft Windows TCP/IP QOS CVE-2011-1965 Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to restart the affected system, therefore denying service to legitimate users. Technologies Affected Microsoft Windows 7 for 32-bit Systems Microsoft Windows 7 for 32-bit Systems...

Microsoft Internet Explorer Window Open Race Condition Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Windows CSRSS CVE-2011-1967 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...

Microsoft Internet Explorer XSLT Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Windows DNS Server NAPTR Query Remote Heap Memory Corruption Vulnerability

Description The Microsoft Windows DNS Server is prone to a remote heap-based memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies...

Microsoft Internet Explorer Style Object Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Windows Data Access Component DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft Windows is prone to an arbitrary-code-execution vulnerability that affects the Data Access Component. Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application. Technologies Affected Avaya Aura Conferenci...

Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability

Description The Microsoft .NET Framework is prone to a security-bypass vulnerability. Attackers can exploit this issue to perform denial-of-service attacks, scan network resources, and obtain potentially sensitive information that was not intended to be disclosed. Technologies Affected Avaya Aura...

Drupal Core CVE-2011-2726 Access Bypass Vulnerability

Description Drupal is prone to an access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Drupal 7.0 through 7.4 are vulnerable. Technologies Affected Drupal Drupal 7.0 Drupal Drupal 7.1 Drupal...

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1874) Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...