Adobe Reader 'CoolType.dll' TTF Font Remote Code Execution Vulnerability

Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Adobe Reader 9.3.4 is vulnerable; other...

Webkit Floating Point Datatype Remote Code Execution Vulnerability

Description WebKit is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Versions prior to Safari 5.0.2 and Safari 4.1.2 are...

PHP 'mmap()' Denial of Service Vulnerability

Description PHP is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to crash the affected application resulting in denial-of-service condition. Versions prior to PHP 7.4.0 are vulnerable. Technologies Affected PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.10 PHP PH...

Apple QuickTime '_Marshaled_pUnk' Remote Code Execution Vulnerability

Description Apple QuickTime is prone to a remote code-execution vulnerability that affects the 'QTPlugin.ocx' ActiveX control because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful...

Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya Aura...

Microsoft Internet Explorer Event Handler Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security...

Microsoft Word HTML Linked Object Remote Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote memory-corruption vulnerability because it fails to properly allocate heap-based memory. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...

Microsoft Windows Kernel Threads Creation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...

Microsoft Windows SMB Stack Exhaustion Denial of Service Vulnerability

Description Microsoft Windows is prone to a denial-of-service vulnerability that affects the Microsoft Server Message Block SMB protocol software. A remote attacker can exploit this issue to stop the affected system from responding, resulting in denial-of-service conditions. Technologies Affected...

Microsoft Windows 'xxxCreateWindowEx()' Window Creation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...

Microsoft Internet Explorer "CIframeElement" Use After Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Excel 'PivotTable Cache Data' Record Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to...

Microsoft Windows Tracing Memory Corruption Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause a...

Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability

Description Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service...

Microsoft Internet Explorer Table Element Use After Free Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Windows SMB Variable Validation Denial of Service Vulnerability

Description Microsoft Windows is prone to a denial-of-service vulnerability that affects the Microsoft Server Message Block SMB protocol software. A remote attacker can exploit this issue to stop the affected system from responding, resulting in denial-of-service conditions. Technologies Affected...

Microsoft Word Record RTF Parsing Engine Remote Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

Description Microsoft MPEG Layer-3 audio decoder is prone to a remote buffer-overflow vulnerability because the applicaiton fails to perform adequate boundary-checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the...

Microsoft Windows Kernel Access Control Lists Local Denial of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to cause the system to become unresponsive and automatically restart, resulting in a denial-of-service condition. Technologies Affected Avaya Aur...

Microsoft Windows Movie Maker Remote Buffer Overflow Vulnerability

Description Microsoft Windows Movie Maker is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will cause a denial-of-service condition. Technologies Affect...

Microsoft Windows Service Isolation Bypass Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges from NetworkService to LocalSystem, which would facilitate the complete compromise of affected computers. Technologies Affected Microsoft Windo...

Microsoft Windows SMB Pool Overflow Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Microsoft Server Message Block SMB protocol software. A remote attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service...

Microsoft Windows 'xxxRealDrawMenuItem()' Function Local Denial Of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability that occurs in the Windows kernel. A local attacker may exploit this issue to cause the affected computer to crash and reboot, resulting in a denial-of-service condition. Technologies Affected Avaya Aura Conferencin...

Microsoft XML Core Service Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability

Description Microsoft XML Core Service is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the currently...

Microsoft Windows CVE-2010-1896 User Input Validation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...

Microsoft Internet Explorer 'boundElements' Use-After-Free Error Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Internet Explorer 'OnPropertyChange_Src()' Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Word 'sprmCMajority' Record Parsing Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft Word Record RTF Parsing Engine Remote Heap Buffer Overflow Vulnerability

Description Microsoft Word is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed...

Microsoft Windows CVE-2010-1895 User Pool Overflow Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers...

Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability

Description Microsoft Silverlight ActiveX control is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...

Microsoft Windows Cinepak Codec Media Decompression Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or visit a website containing malicious streaming media content. A successful exploit...

Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to render the affected system unresponsive, resulting in denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6.0 Standard...

Microsoft Internet Explorer Uninitialized Memory CVE-2010-2559 Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura...

Microsoft Windows Kernel Double Free Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...

Microsoft Windows TCP/IP Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the TCP/IP implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computer...

Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects SChannel. Successful exploits will allow an attacker to run arbitrary code in the context of the currently logged-in user. Technologies Affected Avaya Aura Conferencing 6.0 Avaya Aura Conferencing 6.0...

Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability

Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are...

Multi-Vendor Autonomy KeyView Filter Multiple Security Issues

SUMMARY Symantec products that ship with the Verity KeyView Filter have updated the module to address multiple security issues being reported in the content filter processing of specifically crafted document formats. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec...

Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow Vulnerability

Description Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will like...

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to properly handle 'LNK' files or 'PIF' files. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim to view a specially crafte...

Microsoft Access 'AccWizObjects' ActiveX Control Remote Code Execution Vulnerability

Description Microsoft Access is prone to a remote code-execution vulnerability that affects the 'AccWizObjects' ActiveX control. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code...

Microsoft Access ActiveX Control Multiple Instantiation Remote Code Execution Vulnerability

Description Microsoft Access is prone to a remote code-execution vulnerability that affects ActiveX instantiations. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the...

Microsoft Outlook TNEF Stream With MAPI Attachment Remote Code Execution Vulnerability

Description Microsoft Outlook is prone to a remote code-execution vulnerability because it fails to properly verify attachments. Attackers can exploit this issue by enticing an unsuspecting user into opening a specially crafted email attachment. Successfully exploiting this issue will allow an...

Adobe Acrobat and Reader 'AcroForm.api' GIF Image Remote Code Execution Vulnerability

Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions. Adobe Reader and Acrobat versions prior to and including 9.3.2 and 8.2.2 are affected. NOTE: This issue was...

Symantec Workspace Streaming Potential Unauthorized Downloads

SUMMARY Symantecs Workspace Streaming client fails to properly authenticate with the Symantec Workspace Streaming server when downloading files. This could potentially lead to unauthorized download of arbitrary code to a client system. AFFECTED PRODUCTS Products Affected Product | Version | Build...

Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability

Description Microsoft Windows Help And Support Center is prone to a trusted document whitelist bypass vulnerability. This issue may allow remote untrusted attackers to access arbitrary help documents which may lead to various attacks. An attacker can combine this vulnerability with another issue,...

Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness

Description Help and Support Center is prone to a cross-site scripting weakness because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the privileged zone of the browser of an unsuspecting user. NOTE: This issue is a...

Microsoft Windows Kernel 'Win32k.sys' Data Validation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...

Microsoft Excel 'ExternName' Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...