6867 matches found
Microsoft Publisher Array Index Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft SharePoint Malformed SOAP Request Remote Code Execution Vulnerability
Description Microsoft SharePoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the privileges of the guest account on the SharePoint server. Failed exploit attempts will result in a denial-of-service condition. Technologies...
Microsoft Publisher 'pubconv.dll' Array Index Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher 97 format file. Successfully exploiting this issue allows attackers to execute arbitrary code in the...
Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. A successful exploit will allow a remote attacker to cause the application to stop responding, denying service to legitimate users. The issue affects Microsoft Exchange Server 2007 Service Pack 2 for...
Microsoft Office TIFF Image Converter (CVE-2010-3950) Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document containing a specially crafted Tagged Image File Format TIFF image. Successfully exploiting this issue allows...
Microsoft Hyper-V VMBus Denial of Service Vulnerability
Description Microsoft Hyper-V is prone to a denial-of-service vulnerability. Using a guest system, a local attacker can exploit this issue to force the Hyper-V server to become unresponsive, denying service to legitimate users. The denial-of-service conditions would also affect other guest...
Microsoft Internet Explorer CVE-2010-3348 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft Windows OpenType Font (OTF) Driver CMAP Table Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the OpenType Font OTF driver. An attacker can exploit this issue to execute arbitrary code in kernel mode. Successful exploits will completely compromise an affected computer. Failed attempts will result ...
Microsoft Windows OpenType Font (OTF) Driver Invalid Array Index Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the OpenType Font OTF driver. An attacker can exploit this issue to execute arbitrary code in kernel mode. Successful exploits will completely compromise an affected computer. Failed attempts will result ...
Microsoft Windows OpenType Font (OTF) Driver Double-Free Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the OpenType Font OTF driver. An attacker can exploit this issue to execute arbitrary code in kernel mode. Successful exploits will completely compromise an affected computer. Failed attempts will result ...
Microsoft Windows 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability
Description Microsoft Office is prone to a remote integer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document that contains a specially...
Microsoft Windows 'Win32k.sys' Cursor Linking Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft Windows BranchCache DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable system to open a file from a network share location that contains a specially crafted Dynamic Link Library D...
Microsoft Windows CVE-2010-3944 'Win32k.sys' Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the 'Win32k.sys' Windows kernel-mode driver. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromi...
Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Windows Consent User Interface Registry Key Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in Consent User Interface. An attacker can exploit this issue to execute arbitrary code with 'LocalSystem' privileges. Successful exploits will result in the complete compromise of affected computers...
Microsoft Internet Explorer CVE-2010-3342 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Au...
Microsoft Publisher 'pubconv.dll' Heap Based Buffer Overflow Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft Publisher (CVE-2010-3954) Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into opening a specially crafted Publisher file. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of t...
Microsoft Office FlashPix Image Converter (CVE-2010-3951) Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document that contains a specially craft...
Microsoft Office TIFF Image Converter (CVE-2010-3949) Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user into opening an Office document containing a specially crafted...
Microsoft Office FlashPix Image Converter (CVE-2010-3952) Multiple Buffer Overflow Vulnerabilities
Description Microsoft Office is prone to multiple remote buffer-overflow vulnerabilities because the software fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit these issues by enticing an unsuspecting user into opening an Office document containing a special...
Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the 'RtlQueryRegistryValues' API function. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of...
PGP Desktop Unsigned Data Insertion
SUMMARY PGP Desktop versions are vulnerable to a data insertion vulnerability. Unsigned insecure data could be inserted into OpenPGP messages signed by a trusted source. When the message is decrypted and verified, PGP Desktop may incorrectly identify the message as being fully valid. AFFECTED...
Microsoft PowerPoint 'PP7X32.DLL' (CVE-2010-2572) Remote Heap-Based Buffer Overflow Vulnerability
Description Microsoft PowerPoint is prone to a remote heap-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. Technologies...
Microsoft Forefront Unified Access Gateway 'Signurl.asp' Cross-Site Scripting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the...
Microsoft Forefront Unified Access Gateway Web Monitor Cross-Site Scripting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because Web Monitor fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Microsoft Office RTF File Stack Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing a victim to open a malicious RTF file or view an email in RTF format...
Microsoft Forefront Unified Access Gateway Spoofing Vulnerability
Description Microsoft Forefront Unified Access Gateway UAG is prone to a spoofing vulnerability. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in...
Microsoft PowerPoint (CVE-2010-2573) Heap Corruption Vulnerability
Description Microsoft PowerPoint is prone to a remote heap-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with user-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result in a denial-of-service...
Microsoft Forefront Unified Access Gateway Mobile Portal Cross-Site Scripting Vulnerability
Description Microsoft Forefront Unified Access Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Microsoft Office Art Drawing Record Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft Office Large SPID Read AV Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the...
Adobe Flash Player CVE-2010-3643 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This iss...
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
Description Adobe Reader is prone to a remote memory-corruption vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Adobe Reader versions...
Adobe Flash Player CVE-2010-3648 Remote Memory Corruption Vulnerability
Description Adobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. NOTE: This iss...
JustSystems Ichitaro Multiple Remote Code Execution Vulnerabilities
Description Ichitaro is prone to multiple remote code-execution vulnerabilities. Attackers may exploit these issues to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition. Ichitaro versions 2004 through 2010 are...
Microsoft Internet Explorer CSS Tags Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
Description Adobe Acrobat, Reader, and Flash are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. The following products are affected: Adobe Flash Player 10.1.85.3 and prior for...
Microsoft Excel Formula Substream (CVE-2010-3234) Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Word Uninitialized Pointer (CVE-2010-2747) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Word Return Value Handling (CVE-2010-3215) Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Word file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Ghost Record Type Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because the applications fails sufficiently validate user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel file. Successful exploits can allow attackers...
Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability
Description The Microsoft .NET Framework is prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the currently logged-in user or the service account associated with an application pool identity. Failed exploit...