Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB Server Message Block protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise ...

Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...

Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability

Description Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website. Successfully exploiting this issue would allow the attacker to...

Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Microsoft WordPad Text Converter Remote Code Execution Vulnerability

Description Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may resu...

Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...

Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability

Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause...

Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability

Description Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow...

Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because Windows Explorer fails to correctly free memory when saving the Windows Search saved-search files. Attackers may exploit this issue by enticing victims into opening and saving a maliciously crafted saved-searc...

Microsoft Charts ActiveX Control Memory Corruption Vulnerability

Description Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability

Description Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN Service Principle Name implementation. A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user. Technologies Affected HP...

Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability

Description The GDI component of Microsoft Windows is prone to a heap-overflow vulnerability that may be triggered by a malicious WMF Windows Metafile image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user. Technologies Affected HP...

Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability

Description Microsoft Word is prone to a heap-based memory-corruption vulnerability. An attacker can exploit this issue by sending a specially crafted Word file to an unsuspecting user and enticing them to open it with a vulnerable application. A successful exploit will allow attackers to execute...

Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...

Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability

Description Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromi...

Microsoft SharePoint Server Unauthorized Access Vulnerability

Description Microsoft SharePoint Server is prone to a vulnerability that could let remote attackers gain unauthorized access. A successful exploit will let attackers access certain administrative functions of the SharePoint Server. Technologies Affected Microsoft SharePoint Server 2007 Microsoft...

Microsoft Windows GDI WMF Integer Overflow Vulnerability

Description The GDI component of Microsoft Windows is prone to an integer-overflow vulnerability that may be triggered by a malicious WMF Windows Metafile image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user. Technologies Affected...

Microsoft Word Malformed Value Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...

Microsoft Excel Name Record Array Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Word Malformed Record Value Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Faile...

Microsoft Word RTF Malformed String Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability

Description Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' Intra-Site Automatic Tunnel Addressing Protocol URLs. An attacker can use this vulnerability to obtain information that may aid in further attacks. Technologies Affected HP...

Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability

Description Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will...

Microsoft Excel Formula Handling Remote Code Execution Vulnerability

...

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Description Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities. Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges,...

Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability

Description Microsoft XML Core Services MSXML is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks. An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain...

Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability

Description Microsoft XML Core Services MSXML is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain...

Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability

Description Adobe Reader is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash t...

Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that affects RPC Remote Procedure Call handling in the Server service. An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete...

Symantec Altiris Deployment Solution Elevation of Privilege Clear Text Password in Memory

SUMMARY An elevation of privilege issue via a privileged access password stored in memory has been identified and resolved in the Symantec Altiris Deployment Solution. Successful exploitation could potentially allow a non-privileged user with authorized access to the system hosting the Deployment...

Symantec Altiris Deployment Solution Local Access Elevation of Privilege in Client GUI

SUMMARY A local access elevation of privilege issue has been identified and resolved in the Symantec Altiris Deployment Solution Client GUI. Successful exploitation could result in unauthorized local system access on a client system. Severity Medium Remote Access adjacent network | No ---|--- Loc...

Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...

Microsoft Office CDO Protocol Cross Site Scripting Vulnerability

Description Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an...

Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Host Integration Server RPC Remote Command Execution Vulnerability

Description Microsoft Windows is prone to a remote command-execution vulnerability in the SNA service through a remote procedure call RPC. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected service...

Microsoft Excel Formula Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow...

Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer...

Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability in the Ancillary Function Driver 'afd.sys'. A successful exploit of this vulnerability will let a local attacker completely compromise an affected computer. Technologies Affected Microsoft Windows Server 2003...

Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...

Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability

Description Microsoft Windows Active Directory is prone to a remote code-execution vulnerability that arises because the application fails to handle specially crafted LDAP or LDAP over SSL LDAPS requests in a proper manner. Successfully exploiting this issue would allow an attacker to execute...

Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may...

Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer...