Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected H...

Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability

...

Microsoft Windows VAD Local Privilege Escalation Vulnerability

...

Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Windows Internet Printing Service Integer Overflow Vulnerability

Description Microsoft Internet Printing Service is prone to an integer-overflow vulnerability. Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges. Technologies Affected HP Storage Management Appliance 2.1 Microsoft Windows 2000 Advanced Server...

Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability

Description The Microsoft Message Queuing service MSMQ is prone to a remote heap-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result i...

Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow...

Symantec Device Driver Local Elevation of Privilege

SUMMARY A Gear Software device driver distributed with several Symantec products contains a flaw which, if successfully exploited, could allow a local elevation of privilege. Risk Impact Medium Remote Access adjacent network | No ---|--- Local Access | Yes Authentication Required | Yes Exploit...

Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability

Description Microsoft Office OneNote is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the current...

Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability

Description The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affect...

Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability

Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...

Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability

...

Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may...

Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability

Description Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...

Microsoft GDI+ BMP Integer Overflow Vulnerability

Description Microsoft GDI+ is prone to an integer-overflow vulnerability. An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file. Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the...

Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability

Description Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF Enhanced Metafile image file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the...

JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability

Description Ichitaro is prone to an unspecified remote code-execution vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition. Ichitaro 2008 is vulnerable; other versio...

Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability

Description The Microsoft Visual Studio ActiveX control, MaskedEdit, is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application...

Microsoft Office PICT Filter Parsing Remote Heap Buffer Overflow Vulnerability

Description Microsoft Office is prone to a remote heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data. An attacker could exploit this issue by enticing a victim to open a malicious PICT file. Successfully exploiting this...

Microsoft Excel Index Array Remote Code Execution Vulnerability

...

Microsoft Windows Image Color Management Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because of a flaw in the Microsoft Color Management System MSCMS module of the Image Color Management System ICM. An attacker could exploit this issue by enticing a victim to open a malicious image file. Successfully...

Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-i...

Microsoft Windows Event System Array Index Verification Remote Code Execution Vulnerability

Description Microsoft Windows Event System is prone to a remote code-execution vulnerability. Remote authenticated attackers can exploit this issue to execute arbitrary code with SYSTEM privileges. A successful attack can result in a full compromise of the affected computer. Technologies Affected...

Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability

Description Microsoft Windows Messenger is prone to an information-disclosure vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious HTML page. Successfully exploiting this issue allows remote attackers to obtain sensitive information that may ai...

Microsoft Windows IPsec Information Disclosure Vulnerability

...

Microsoft Office WPG Image File Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious WPG WordPerfect Graphics file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the...

Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft PowerPoint List Value Parsing Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Excel Record Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability

Description Microsoft Outlook Express And Windows Mail are prone to an information-disclosure vulnerability because of an error in the Windows MHTML protocol handler. Note that an attacker can exploit this issue via Internet Explorer because the browser internally uses the vulnerable component of...

Microsoft Office Malformed Malformed PICT Filter Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PICT file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Office Malformed BMP Filter Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious BMP file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft PowerPoint Picture Index Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability due to an integer-overflow error. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code...

Microsoft Internet Explorer HTML Component Handling Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft PowerPoint Picture Index Variant Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Excel Credential Caching Vulnerability

Description Microsoft Excel is prone to a vulnerability that allows unauthorized access to remote data source credentials that have been cached in Excel files. This issue is limited to Microsoft Excel 2007 and Microsoft Office 2008 for Mac. Technologies Affected Avaya Messaging Application Server...

Microsoft Windows Event System User Subscription Request Remote Code Execution Vulnerability

Description Microsoft Windows Event System is prone to a remote code-execution vulnerability. Remote authenticated attackers can exploit this issue to execute arbitrary code with SYSTEM privileges. A successful attack can result in a full compromise of the affected computer. Technologies Affected...

Microsoft Excel Indexing Validation Remote Code Execution Vulnerability

...

Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability that occurs when the application tries to parse a specially crafted web page. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Office Malformed EPS Filter Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious EPS Encapsulated PostScript file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of t...

Microsoft SQL Server On-Disk MTF Data Structures Remote Memory Corruption Vulnerability

Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code in the context of the server. Failed attacks will likely caus...

Microsoft Windows Explorer saved-search File Remote Code Execution Vulnerability

Description Microsoft Windows Explorer is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Technologies Affected Avaya Messaging Application Server...

Microsoft Windows DNS Server Cache Poisoning Vulnerability

Description Microsoft Windows DNS servers are prone to a vulnerability that lets attackers poison DNS caches. This occurs because the software fails to properly handle responses containing data outside of their authority. Successfully exploiting this issue allows remote attackers to poison DNS...

Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability

Description Microsoft Outlook Web Access OWA for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability

Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...

Microsoft SQL Server INSERT Statement Remote Memory Corruption Vulnerability

Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...

Microsoft Word Malformed Record Value Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. Successful attacks may allow arbitrary malicious code to run in the context of the user running the application. Failed attack attempts may result in a crash. Reports indicate that this issue affects Microsoft Office XP...

Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulnerability

Description Microsoft Outlook Web Access OWA for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

Microsoft SQL Server Memory Page Reuse Information Disclosure Vulnerability

Description Microsoft SQL Server is prone to an information-disclosure vulnerability caused by a memory-reallocation flaw. An attacker with operator access may leverage this issue to obtain potentially sensitive information that could aid in further attacks. Technologies Affected Microsoft Data...