Microsoft PowerPoint Notes Container Heap Memory Corruption Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...
Microsoft PowerPoint Sound Data (CVE-2009-1128) Multiple Remote Code Execution Vulnerabilities
Description Microsoft PowerPoint is prone to multiple remote code-execution vulnerabilities. An attacker could exploit these issues by enticing a victim to open a malicious PowerPoint file. Successfully exploiting these issues would allow the attacker to execute arbitrary code in the context of th...
Symantec Log Viewer JavaScript Injection Vulnerabilities
SUMMARY The Log Viewer feature in some Symantec products contains two parsing errors which could be exploited through JavaScript injection. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Norton 360 | 1.0 | Run LiveUpdate in Interactive Mode Norton Internet Security | 2005 through 200...
Symantec Reporting Server Improper URL Handling Exposure
SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...
Symantec Alert Management System 2 multiple vulnerabilities
SUMMARY The version of Alert Management System 2 (AMS2) used by some versions of Symantec System Center, Symantec Antivirus Server, and Symantec AntiVirus Central Quarantine Server contains four vulnerabilities. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec AntiVirus Corporate...
Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 and 9.1 for Linux are...
Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability
Description Adobe Reader is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. Reader 8.1.4 for Linux is vulnerable; oth...
Symantec Brightmail Gateway and Mail Security Appliance Cross-site Scripting and Elevation of Privil
SUMMARY Symantec Brightmail Gateway's Control Center is susceptible to cross-site scripting and elevation of privilege vulnerabilities. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec Brightmail Gateway Appliance 8300 | All prior to 8.0.1 | Upgrade to 8.0.1 or later Symantec...
udev Netlink Message Validation Local Privilege Escalation Vulnerability
Description The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages. Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system. Versions prior to udev 1...
Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
Description Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application...
Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Windows HTTP Services (WinHTTP) is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise an affected application and possibly the...
Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers. The issue affects the following: Windows Vista Windows Server...
Microsoft Internet Explorer 'EMBED' Tag Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks...
Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability
Description Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service vulnerability. A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become unresponsive, denying service to legitimate users. Technologies Affected...
Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
Description Microsoft Word 2000 is prone to a remote code-execution vulnerability because it fails to properly validate an unspecified string when parsing a WordPerfect document. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user...
Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers. The issue affects the following: Windows XP SP2 Windows Server...
Microsoft Excel Malformed Object Remote Memory Corruption Vulnerability
Description Microsoft Excel is prone to a memory-corruption vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application...
Microsoft ISA Server and Forefront Threat Management Gateway Cross-Site Scripting Vulnerability
Description Microsoft ISA (Internet Security and Acceleration) Server and Forefront Threat Management Gateway (TMG) are prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...
Microsoft WinHTTP Server Name Mismatch Certificate Validation Security Bypass Vulnerability
Description Microsoft Windows HTTP Services (WinHTTP) is prone to a security-bypass vulnerability because of an error in verifying website certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further...
Microsoft Internet Explorer Marquee Tag Handling Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM (NT LAN Manager) credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...
Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers. The issue affects the following: Windows XP SP2 Windows Server...
Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
Description Microsoft WordPad is prone to a remote code-execution vulnerability because of a stack-based buffer overflow that may result in corrupted memory. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...
Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft PowerPoint File Parsing 'OutlineTextRefAtom' Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
Description phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks...
Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the...
Symantec pcAnywhere Format String Denial of Service
SUMMARY Symantec pcAnywhere is susceptible to a format string vulnerability. An authorized local user may potentially leverage this to crash the pcAnywhere application, leading to a denial of service. AFFECTED PRODUCTS Product | Version | Build | Solution ---|---|---|--- Symantec pcAnywhere | 12....
Symantec Products Update Vulnerable Autonomy KeyView Module
SUMMARY Symantec products that ship and use a third-party Autonomy KeyView module have updated the module to address a buffer overflow vulnerability reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security for Domino |...
Microsoft Windows DNS Server WPAD Access Validation Vulnerability
Description The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries. An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid...
Microsoft Windows SChannel Authentication Spoofing Vulnerability
Description Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to properly validate certain client-server certificate exchanges. Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user's credentials...
Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF image file. Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level...
Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
Description The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to properly reuse cached responses. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch...
Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
Description The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries. An authenticated attacker may...
Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...
Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
Description The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to...
Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...
Foxit Reader PDF Handling Multiple Remote Vulnerabilities
Description Foxit Reader is prone to multiple remote vulnerabilities. Attackers may leverage these issues to execute arbitrary code in the context of the application. Successful exploits may compromise the application and the underlying computer. Failed attacks will cause denial-of-service...
Microsoft Excel Invalid Object Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
Adobe Acrobat and Reader PDF File Handling JBIG2 Image Remote Code Execution Vulnerability
Description Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. The issue affects Reader and...
Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...
Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...
Microsoft Visio Object Validation Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
Description Microsoft Exchange Server is prone to a remote denial-of-service vulnerability. A successful exploit allows a remote attacker to cause the application to stop responding, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya Messaging...
Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
Description Microsoft Exchange Server is prone to a remote code-execution vulnerability. Remote attackers may exploit this issue by sending maliciously constructed TNEF-encoded email data to vulnerable servers. This issue will be triggered when a user views or previews the malicious email...
Symantec AppStream ActiveX Unauthorized Access
SUMMARY Vulnerabilities were reported in an ActiveX control that Symantec's AppStream 5.2.x Client installs. Exploitation of this issue could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user...
Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete...