Microsoft Internet Explorer 'writing-mode' Uninitialized Memory Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...

Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes WMF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft Windows LSASS NTLM Implementation Remote Denial of Service Vulnerability

Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to cause the affected computer to crash and restart, denying service to legitimate users. Technologies Affected Avaya Meeti...

Microsoft Windows Media Runtime 'wmspdmod.dll' Speech Codec Remote Code Execution Vulnerability

Description Microsoft Windows Media Runtime is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will...

Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. This issue occurs when CCITT G4 compressed TIFF images are decompressed. An attacker could exploit this issue to execute arbitrary code with...

Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft Internet Explorer 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...

Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability

Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted Advanced Systems Format ASF files. An attacker can exploit this issue by enticing an unsuspecting user into opening a malicious file with the vulnerable application. A...

Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...

Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library within the .NET framework fails to properly handle certain API calls. Successful exploits can allow an attacker to execute arbitrary code with the privileges of the currently...

Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability

Description The .NET Framework is prone to a remote code-execution vulnerability because it fails to properly verify .NET applications before running them. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...

Microsoft Windows SMB2 Field Validation Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected computer to stop responding, denying service to legitimate users. Technologies Affected Microsoft Windows 7 RC Microsoft Windows 7 beta Microsoft Windows...

Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. The vulnerability stems from a NULL-pointer dereference. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will resu...

EasyBits Extras Manager Unspecified Vulnerability

Description EasyBits Extras Manager is prone to an unspecified vulnerability. The cause and impact of this issue are currently unknown. This issue affects versions prior to Extras Manager 2.0.0.67 shipped with versions prior to Skype 4.1.0.179 for Windows. Very few technical details are currently...

Adobe Acrobat Reader Remote Code Execution Vulnerability

Description Adobe Acrobat Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue by supplying a malicious PDF file. Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts...

Symantec Security Expressions Cross-site Scripting and HTML Injection Vulnerability

SUMMARY Symantecs SecurityExpressions Audit and Compliance Server is susceptible to a cross-site scripting and HTML injection vulnerability. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- SecurityExpressions Audit and Compliance Server | 4.1 4.1.1 | 4.1.1 KB49452 Hotfix 1 Note:...

Symantec Altiris Deployment Solution and Notification Server Management Console FileDownload Vulnera

SUMMARY Symantecs Altiris Deployment Solution and Notification Server install a vulnerable ActiveX control. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...

Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft DHTML Editing Component ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...

Microsoft Windows Media Format ASF Header Invalid Free Memory Corruption Vulnerability

Description Microsoft Windows is prone to a remote memory-corruption vulnerability that arises when an affected Windows component handles a malicious ASF file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks wil...

Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya Messaging...

Microsoft Windows Wireless LAN AutoConfig Frame Parsing Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because the Wireless LAN AutoConfig Service fails to properly validate certain network frames. To exploit this issue, an attacker must be within close physical proximity of the affected computer. Attackers can exploit...

Microsoft Windows TCP/IP TimeStamps Remote Code Execution Vulnerability

Description Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Technologies Affected Avaya...

Microsoft JScript Scripting Engine Keyword Arguments Remote Code Execution Vulnerability

Description Microsoft JScript is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied input. Attackers can leverage this issue by enticing unsuspecting users to view a malicious webpage. Successful exploits would allow arbitrary code to run with the...

Microsoft Windows Media Format MP3 Metadata Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that arises when an affected Windows component handles a malicious MP3 file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the currently logged-in user. Failed attacks will...

Symantec Altiris Deployment Solution Multiple Vulnerabilities

SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...

Symantec Products Autonomy KeyView Module Vulnerability

SUMMARY Symantec products that ship a third-party Autonomy KeyView module have updated the module to address a vulnerability in the processing of Excel spreadsheets reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security...

Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability

Description Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Exploiting this issue will allow an attacker to corrupt memory and cause denial-of-service...

Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability

Description The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges...

Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability

Description The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will...

Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by sending specially crafted Remote Procedure Call RPC messages to a vulnerable computer. Successfully exploiting this issue will allow the attacker to execute arbitrary code with...

Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability

Description Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within...

Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability

Description Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successfully exploiting this issue will allow the attacker to execute arbitrary co...

Microsoft Office Web Components ActiveX Control Stack Buffer Overflow Code Execution Vulnerability

Description The Microsoft Office Web Components ActiveX control is prone to a remote stack-based buffer-overflow vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code...

Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability

Description The Microsoft Active Template Library is prone to a remote code-execution vulnerability. NOTE: This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are likely unaffected. Remote attackers can exploit this issue to execute...

Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability

Description Microsoft Windows is prone to a remote integer-overflow vulnerability that arises when an affected Windows component handles a malicious Audio Video Interleave AVI file. An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed explo...

Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability

Description Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability when processing certain parameters returned by a malicious RDP Remote Desktop Protocol server. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execut...

Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that arises when an affected Windows component handles a malicious Audio Video Interleave AVI file. An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit...

Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability

Description Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...

Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability

Description Microsoft ASP.NET is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application pool on the affected webserver to become unresponsive, denying service to legitimate users. NOTE: This issue only affects ASP.NET on webservers running IIS 7 in...

Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that may affect the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will completely compromise affected computers...

Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability

Description Microsoft Windows is prone to an authentication-bypass vulnerability in the Telnet protocol. An attacker can exploit this issue to gain unauthorized access to the affected computer with the privileges of the victim. Successful exploits may compromise the affected computer. Technologie...

Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability

Description The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed exploit attempts will result in a...

Microsoft Internet Explorer HTML Table Object Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause...

Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built with the affected library. Technologies Affected...

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

Description Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library ATL. Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit...

Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability

Description Adobe Acrobat, Reader, and Flash Player are prone to a remote code-execution vulnerability. An attacker can exploit this issue by supplying a malicious Flash '.swf' file or by embedding a malicious Flash application in a PDF file. Successful exploits may allow the attacker to execute...

Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability

Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability

Description Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by an error in decoding privileged instructions. Note that this issue affects only systems that do not use hardware-assisted virtualization. Successful exploits may allow local attackers t...

Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability

Description Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in...