6867 matches found
Microsoft PowerPoint 'LinkedSlideAtom' Heap Overflow Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious PowerPoint file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently...
Microsoft Paint JPEG Image Processing Integer Overflow Vulnerability
Description Microsoft Paint is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Avaya...
Microsoft Windows SMB Client Race Condition Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. On some systems, remote attacks may result in denial-of-service conditions. Technologies Affected Avaya Meeting Exchange - Client...
Microsoft Windows SMB Pathname Remote Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Microsoft Server Message Block SMB protocol software. An authenticated attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause...
Microsoft Windows SMB Memory Corruption Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability that affects the Microsoft Server Message Block SMB protocol software. An attacker can exploit this issue to crash the application, denying service to legitimate users. This vulnerability affects SMB1 and SMB2...
Symantec Altiris Notification Server 6.x Static Encryption Key
SUMMARY Symantecs Altiris Notification Server 6.0.x web console stores a static encryption key for encrypted credentials entered by the administrator. These credentials include ones used to enumerate the computers within a windows domain during discovery sessions allowing dissemination of Altiris...
Internet Explorer CVE-2010-0249 'srcElement()' Remote Code Execution Vulnerability
Description Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause...
Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Successful exploits may aid in the compromise of affected...
Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
Description Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects Reader and Acrobat 9.2 and prior versions. Technologies...
Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability
Description Microsoft Windows Active Directory Federation Services ADFS is prone to an authentication-spoofing vulnerability affecting single sign-on SSO websites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers...
Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability
Description Microsoft WordPad and Office Text Converters are prone to a remote memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions...
Microsoft Internet Explorer 'CAttrArray' Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability
Description The implementation of the Microsoft Protected Extensible Authentication Protocol PEAP used by Microsoft's Internet Authentication System is prone to a remote memory-corruption vulnerability. A remote attacker can exploit this issue to execute arbitrary code with SYSTEM-level privilege...
Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Project Invalid Resource Memory Allocation Remote Code Execution Vulnerability
Description Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...
Microsoft Active Directory Federation Services Header Validation Remote Code Execution Vulnerability
Description Microsoft Active Directory Federation Services ADFS is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application, which may aid in further attacks. Technologies Affected Microsoft Windows Server 2003...
Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
Description The implementation of the Protected Extensible Authentication Protocol PEAP used by Microsoft's Internet Authentication System is prone to an authentication-bypass vulnerability. Successful exploits would allow an attacker to gain unauthorized access to network resources. Technologies...
Microsoft Windows LSASS ISAKMP Message Remote Denial of Service Vulnerability
Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to consume an excessive amount of resources, denying service to legitimate users. Technologies Affected Microsoft Windows...
Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability
Description Adobe Illustrator is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious Encapsulated PostScript file. Successfully...
Symantec’s Altiris Deployment and Notification Management Web Console RunCmd Vulnerability
SUMMARY Symantecs Altiris Deployment Solution, Notification Server and Symantec Management Platform web consoles install a vulnerable ActiveX control. Exploitation of one of the methods used by this control could possibly lead to unauthorized information disclosure, system information corruption ...
Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute code with SYSTEM-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. Technologies Affected Microsoft Windows Server 2008 Datacenter...
Microsoft Excel Field Parsing Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel 'SxView' Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Document Parsing Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. This issue stems from a NULL-pointer dereference. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in t...
Microsoft Active Directory LDAP Request Stack Exhaustion Denial Of Service Vulnerability
Description Microsoft Active Directory is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the server, denying access to legitimate users. Technologies Affected Avaya Meeting Exchange - Client Registration Server Avaya Meeting Exchange - Enterprise Edition...
Microsoft Excel 'FEATHEADER' Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel 'PivotTable' Cache Record Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Index Parsing Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Excel Malformed BIFF Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the...
Microsoft Windows Kernel GDI Data Validation Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. This issue affects the Graphics Device Interface GDI. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result ...
Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerability
Description The Microsoft Windows License Logging Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges...
Microsoft Word Record Parsing Remote Stack Buffer Overflow Vulnerability
Description Microsoft Word is prone to a remote stack-buffer overflow vulnerability. Attackers can exploit this issue by enticing victims into opening a specially crafted Word '.doc' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running th...
Symantec Altiris Deployment Solution and Notification Server Management Web Console Browse and Save
SUMMARY Symantecs Altiris Deployment Solution and Notification Server web consoles install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the contex...
Sun Java SE November 2009 Multiple Security Vulnerabilities
Description Sun has released updates to address multiple security vulnerabilities in Java SE. Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges, execute arbitrary code, and cause denial-of-service conditions. Other...
Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability
Description Microsoft Silverlight and .NET Framework are prone to a remote code-execution vulnerability because they fail to properly handle interfaces when running .NET applications. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-i...
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
Description Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue was previously covered in BID 36638 Adobe Reader and Acrobat...
Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...
Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...
Microsoft Internet Explorer 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Internet Explorer 'Event' Object Copy Constructor Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Windows SMB2 Field Validation Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected computer to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows 7 RC Microsoft Windows 7 beta Microsoft Windows...
Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted Advanced Systems Format ASF files. An attacker can exploit this issue by enticing an unsuspecting user into opening a malicious file with the vulnerable application. A...
Microsoft GDI+ Malformed Office Object Memory Corruption Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes Microsoft Office objects. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit...
Microsoft Windows LSASS NTLM Implementation Remote Denial of Service Vulnerability
Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to cause the affected computer to crash and restart, denying service to legitimate users. Technologies Affected Avaya Meeti...