Microsoft Windows Kernel Image File Relocation Local Denial Of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability that affects the Windows kernel. Attackers can exploit this issue to cause affected computers to become unresponsive and restart, causing a denial-of-service condition. Technologies Affected Avaya Meeting Exchange -...

Microsoft Windows SMB Client Memory Allocation Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Technologies Affected Avaya Meeting Exchange - Client...

Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability

Description Microsoft Windows Media Player ActiveX control is prone to a remote code-execution vulnerability when handling specially crafted media content. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker ...

Microsoft Windows SMB Client Response Parsing Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Technologies Affected Avaya Meeting Exchange - Client...

Microsoft Windows ISATAP Component IPv6 Address Spoofing Vulnerability

Description Microsoft Windows is prone to a spoofing vulnerability that affects the ISATAP component. An attacker can exploit this issue to spoof IPv6 addresses. This may allow the attacker to bypass filtering devices that rely on the source IPv6 addresses; information disclosure and other attack...

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability

Description Microsoft Windows Authenticode Signature Verification is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting victim to run or install a specially modified signed Portable Executable PE or cabinet file. Successful exploits can...

Microsoft Windows SMTP Server MX Record Denial of Service Vulnerability

Description The Microsoft Windows Simple Mail Transfer Protocol SMTP Server is prone to a denial-of-service vulnerability. Successful exploits will cause the affected SMTP server to stop responding, denying service to legitimate users. Technologies Affected Avaya Meeting Exchange - Client...

Microsoft Windows Kernel Invalid Registry Key Local Denial Of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability that affects the Windows kernel. Attackers can exploit this issue to cause affected computers to become unresponsive and restart, causing a denial-of-service condition. Technologies Affected Avaya Meeting Exchange -...

JustSystems Ichitaro Font Information Processing Remote Code Execution Vulnerability

Description Ichitaro is prone to a remote code-execution vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition. Ichitaro 2010 and prior versions are vulnerable...

Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities

Description Java Runtime Environment JRE is prone to arbitrary code-execution vulnerabilities that affect multiple Java plugins for multiple browsers. Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications. The issues affect Jav...

Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability

Description Oracle Java SE and Java for Business are prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. An attacker does not require privileges to exploit this vulnerability. This vulnerability affects the following supported...

Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability

Description Oracle Java SE and Java for Business are prone to a remote code-execution vulnerability affecting the 'Sound' component. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result...

Microsoft Internet Explorer 'Tabular Data Control' ActiveX Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...

Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability

Description Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment JRE. Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. Versions prior to Java 5.0 Update...

Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability

Description Microsoft Data Access Components are prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...

Microsoft Internet Explorer 'CStyleSheet' Uninitialized Memory Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. NOTE: This issue was originally...

Microsoft Excel DbOrParamQry Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel MDXTUPLE Record Remote Heap Buffer Overflow Vulnerability

Description Microsoft Excel is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user...

Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel EntExU2 Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability

Description Microsoft Movie Maker and Producer are prone to a buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel Object Type Confusion Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel XLSX File Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims to open a specially crafted 'XLXS' Excel file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Meetin...

Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability

Description Microsoft Excel is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user...

Multi-Vendor Autonomy KeyView Filter Module OLE Document Processing Overflow

SUMMARY Symantec products that ship a third-party Autonomy KeyView filter have updated the module to address a vulnerability in the processing of specifically crafted OLE documents reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symante...

Symantec IM Manager Local-Access Cross-site Scripting

SUMMARY Symantecs IM Manager management console is susceptible to a cross-site scripting issue. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec IM Manager | 8.3 and 8.4 | Upgrade to 8.4.13 Note: Customers running 8.3 versions of Symantec IM Manager should upgrade to the lates...

Symantec Client Proxy Buffer Overflow in Older Product Versions

SUMMARY The Symantec Client Proxy integrated into older versions of Symantec AntiVirus and Symantec Client Security is vulnerable to a buffer overflow. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec AntiVirus | 10.0.x | Upgrade to SAV 10.1 MR9 10.1.x | Upgrade to to MR9 10.2...

Symantec Event Manipulation Potential Scan Bypass

SUMMARY On-demand scanning with Symantec AntiVirus can be bypassed by denying read access to user files. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec AntiVirus | 10.0.x | Upgrade to MR9 10.1.x Symantec AntiVirus | 10.2.x | Not Vulnerable Symantec Client Security | 3.0.x |...

Input validation errors in SYMLTCOM.dll can lead to a buffer overflow.

SUMMARY The Symantec Client Proxy integrated into older versions of Symantec AntiVirus and Symantec Client Security is vulnerable to a buffer overflow. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec AntiVirus | 10.0.x | Upgrade to SAV 10.1 MR9 10.1.x | Upgrade to to MR9 10.2...

Adobe Acrobat and Reader CVE-2010-0188 Remote Code Execution Vulnerability

Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following products are...

Microsoft PowerPoint 'OEPlaceholderAtom' Record Invalid Index Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious PowerPoint file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Windows Header MDL Fragmentation Remote Code Execution Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Technologies Affected...

Microsoft Windows SMB Memory Corruption Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability that affects the Microsoft Server Message Block SMB protocol software. An attacker can exploit this issue to crash the application, denying service to legitimate users. This vulnerability affects SMB1 and SMB2...

Microsoft Windows SMB Null Pointer Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability that affects the Microsoft Server Message Block SMB protocol software. An attacker can exploit this issue to crash the system, denying service to legitimate users. Technologies Affected Microsoft Windows 2000...

Microsoft Windows ICMPv6 Route Information Remote Code Execution Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will...

Microsoft Windows Double Free Memory Corruption Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed explo...

Microsoft PowerPoint Viewer TextBytesAtom Record Stack Overflow Remote Code Execution Vulnerability

Description Microsoft PowerPoint Viewer is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious PowerPoint file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currentl...

Microsoft Windows Client/Server Run-time Subsystem Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability in the Client/Server Run-time Subsystem CSRSS. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits may result in the complete compromise of affected...

Microsoft DirectX DirectShow AVI File Parsing Remote Code Execution Vulnerability

Description Microsoft DirectX is prone to a remote code-execution vulnerability. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running an application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition...

Microsoft PowerPoint File Path Handling Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious PowerPoint file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently logged-in user...

Microsoft Windows ICMPv6 Router Advertisement Remote Code Execution Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will...

Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Data Analyzer is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application...

Microsoft PowerPoint 'OEPlaceholderAtom' Record Corrupt Memory Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious PowerPoint file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. On some systems, remote attacks may result in denial-of-service conditions. Technologies Affected Avaya Meeting Exchange - Client...

Microsoft Windows TCP/IP Selective Acknowledgement Remote Denial of Service Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to render the affected system unresponsive and cause it to automatically restart. Repeated attacks will cause denial-of-service conditions...

Microsoft Office 'OfficeArtSpgr' Container Pointer Overwrite Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently logged-in user...

Microsoft Paint JPEG Image Processing Integer Overflow Vulnerability

Description Microsoft Paint is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Avaya...

Microsoft Windows SMB Client Pool Corruption Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Technologies Affected Avaya Meeting Exchange - Client...

Microsoft Windows SMB NTLM Authentication Unauthorized Access Vulnerability

Description Microsoft Windows is prone to an unauthorized access vulnerability that affects the Microsoft Server Message Block SMB protocol software. An unauthenticated attacker can exploit this issue to gain access to resources with the privileges of an authorized user, which may lead to other...