6867 matches found
Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library within the .NET framework fails to properly handle certain API calls. Successful exploits can allow an attacker to execute arbitrary code with the privileges of the currently...
Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes WMF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...
Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...
Microsoft Indexing Service ActiveX Control Remote Code Execution Vulnerability
Description The Microsoft Indexing Service ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of an...
Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. This issue occurs when CCITT G4 compressed TIFF images are decompressed. An attacker could exploit this issue to execute arbitrary code with...
Microsoft Windows Kernel Exception Handler Local Denial Of Service Vulnerability
Description Microsoft Windows is prone to a local denial-of-service vulnerability that affects the Windows kernel. The issue stems from an error in the kernel's exception handler. Attackers may exploit this issue to restart the system, causing a denial-of-service condition. Technologies Affected...
Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted Advanced Systems Format ASF files. An attacker can exploit this issue by enticing an unsuspecting user into opening a malicious file with the vulnerable application. A...
Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
Description Adobe Reader and Acrobat are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. This issue was previously covered in BID 36638 Adobe Reader and Acrobat...
Microsoft Windows LSASS NTLM Implementation Remote Denial of Service Vulnerability
Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to cause the affected computer to crash and restart, denying service to legitimate users. Technologies Affected Avaya Meeti...
Microsoft Windows SMB2 Field Validation Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected computer to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows 7 RC Microsoft Windows 7 beta Microsoft Windows...
Microsoft Internet Explorer 'Event' Object Copy Constructor Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability
Description Microsoft Silverlight and .NET Framework are prone to a remote code-execution vulnerability because they fail to properly handle interfaces when running .NET applications. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-i...
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...
Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
EasyBits Extras Manager Unspecified Vulnerability
Description EasyBits Extras Manager is prone to an unspecified vulnerability. The cause and impact of this issue are currently unknown. This issue affects versions prior to Extras Manager 2.0.0.67 shipped with versions prior to Skype 4.1.0.179 for Windows. Very few technical details are currently...
Adobe Acrobat Reader Remote Code Execution Vulnerability
Description Adobe Acrobat Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue by supplying a malicious PDF file. Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts...
Symantec Security Expressions Cross-site Scripting and HTML Injection Vulnerability
SUMMARY Symantecs SecurityExpressions Audit and Compliance Server is susceptible to a cross-site scripting and HTML injection vulnerability. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- SecurityExpressions Audit and Compliance Server | 4.1 4.1.1 | 4.1.1 KB49452 Hotfix 1 Note:...
Symantec Altiris Deployment Solution and Notification Server Management Console FileDownload Vulnera
SUMMARY Symantecs Altiris Deployment Solution and Notification Server install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...
Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
Description Microsoft Windows TCP/IP protocol implementation is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya Messaging...
Microsoft Windows Media Format MP3 Metadata Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that arises when an affected Windows component handles a malicious MP3 file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...
Microsoft Windows Wireless LAN AutoConfig Frame Parsing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability because the Wireless LAN AutoConfig Service fails to properly validate certain network frames. To exploit this issue, an attacker must be within close physical proximity of the affected computer. Attackers can exploit...
Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability
Description The Microsoft DHTML Editing Component ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...
Microsoft Windows TCP/IP TimeStamps Remote Code Execution Vulnerability
Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Technologies Affected Avaya...
Microsoft JScript Scripting Engine Keyword Arguments Remote Code Execution Vulnerability
Description Microsoft JScript is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied input. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run with the...
Microsoft Windows Media Format ASF Header Invalid Free Memory Corruption Vulnerability
Description Microsoft Windows is prone to a remote memory-corruption vulnerability that arises when an affected Windows component handles a malicious ASF file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks wil...
Symantec Altiris Deployment Solution Multiple Vulnerabilities
SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...
Symantec Products Autonomy KeyView Module Vulnerability
SUMMARY Symantec products that ship a third-party Autonomy KeyView module have updated the module to address a vulnerability in the processing of Excel spreadsheets reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security...
Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability
Description Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Exploiting this issue will allow an attacker to corrupt memory and cause denial-of-service...
Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
Description Microsoft Windows is prone to an authentication-bypass vulnerability in the Telnet protocol. An attacker can exploit this issue to gain unauthorized access to the affected computer with the privileges of the victim. Successful exploits may compromise the affected computer. Technologie...
Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
Description The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will...
Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
Description Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successfully exploiting this issue will allow the attacker to execute arbitrary co...
Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
Description Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability when processing certain parameters returned by a malicious RDP Remote Desktop Protocol server. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execut...
Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by sending specially crafted Remote Procedure Call RPC messages to a vulnerable computer. Successfully exploiting this issue will allow the attacker to execute arbitrary code with...
Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
Description The Microsoft Active Template Library is prone to a remote code-execution vulnerability. NOTE: This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are likely unaffected. Remote attackers can exploit this issue to execute...
Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
Description Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within...
Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
Description Microsoft ASP.NET is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application pool on the affected webserver to become unresponsive, denying service to legitimate users. NOTE: This issue only affects ASP.NET on webservers running IIS 7 in...
Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability
Description The Microsoft Office Web Components ActiveX control is prone to a remote stack-based buffer-overflow vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code...
Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that may affect the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will completely compromise affected computers...
Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
Description Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...
Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
Description Microsoft Windows is prone to a remote integer-overflow vulnerability that arises when an affected Windows component handles a malicious Audio Video Interleave AVI file. An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed explo...
Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that arises when an affected Windows component handles a malicious Audio Video Interleave AVI file. An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit...
Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
Description The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a...
Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
Description The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges...
Microsoft Internet Explorer HTML Table Object Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause...
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit...
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built with the affected library. Technologies Affected...
Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
Description Adobe Acrobat, Reader, and Flash Player are prone to a remote code-execution vulnerability. An attacker can exploit this issue by supplying a malicious Flash '.swf' file or by embedding a malicious Flash application in a PDF file. Successful exploits may allow the attacker to execute...
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
Description Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in...
Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
Description Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine...
Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...