Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability

Description Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to...

Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability

Description Snapshot Viewer for Microsoft Access is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. This will...

Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability

Description Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent Apple Remote Desktop. Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer. This issue is confirmed to affect Mac ...

Symantec Altiris Notification Server Agent GUI Local Elevation of Privilege

SUMMARY A non-privileged user can leverage the Symantec Altiris Notification Server Agent Graphical User Interface GUI to gain privileged access to the system. Severity Medium Remote Access adjacent network | No ---|--- Local Access | Yes Authentication Required | Yes Exploit available | No...

Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability

Description Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files. Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this...

Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM Active Directory Application Mode, and AD LDS Active Directory Lightweight Directory Service fail to handle specially crafted Lightweight Directory Access Protocol LDAP...

Microsoft Windows WINS Server Local Privilege Escalation Vulnerability

Description Microsoft Windows WINS server is prone to a local privilege-escalation vulnerability that may be triggered by malicious WINS network packets. Successful exploits allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the affected computer...

Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP Service Discovery Protocol requests. To exploit this issue, an attacker must be within close physical...

Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM Pragmatic General Multicast network traffic. Attackers can exploit this issue to cause an affected computer to stop responding until it is manually...

Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability

Description Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running th...

Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to perform adequate boundary checks when handling certain HTML object data. Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the applicatio...

Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM Pragmatic General Multicast network traffic. Attackers can exploit this issue to cause affected computers to stop responding until all the malformed packe...

Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability

Description Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed SAMI files. Successfully exploiting this issue allows remote attackers to execute...

Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability

Description Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files. Attackers can exploit this issue to cause an affected computer to stop responding or to restart...

Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability

Description Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input when parsing specially crafted files. Attackers can exploit this issue to cause an affected computer to stop responding or to restart...

Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability

Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Multiple Adobe Products BMP Image Header Buffer Overflow Vulnerability

Description Multiple Adobe products are prone to a buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. The vulnerability occurs when handling malformed image header data in image files. Successfully exploiting this issue allows attackers to...

Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution Vulnerability

Description Microsoft Works 7 'WkImgSrv.dll' ActiveX control is prone to a remote code-execution vulnerability because it fails to sufficiently verify user-supplied input. An attacker can exploit this issue to run arbitrary attacker-supplied code in the context of the currently logged-in user...

Microsoft Visio Memory Validation Remote Code Execution Vulnerability

Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...

Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability

Description Microsoft Project is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft...

Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data. Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise...

Microsoft Visio Object Header Remote Code Execution Vulnerability

Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...

Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability

Description Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in...

Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability

Description Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input. Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary...

Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability

Description Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file. A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer...

Microsoft Windows DNS Client Service Response Spoofing Vulnerability

Description Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs. Successfully exploiting this issue allows remote attackers t...

Microsoft Windows GDI 'EMR_COLORMATCHTOTARGETW' Stack Overflow Vulnerability

Description Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file. A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer...

Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system. Technologies Affected Avaya Messaging Application Server Avay...

Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability

Description Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control typically Internet Explorer. Successful exploits will compromise the...

CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability

Description The Unicenter DSM r11 List Control ATX ActiveX control, included with CA BrightStor ARCserve Backup, is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issu...

Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability

Description Microsoft Excel is prone to a heap memory-corruption vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Office File Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Excel Import Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Outlook Mailto URI Remote Code Execution Vulnerability

Description Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to adequately validate user-supplied data. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the currently logged-in user. This will...

Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability

Description Microsoft Office Web Components is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the conte...

Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability

Description Microsoft Office Web Components is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the conte...

Microsoft Excel Formula Parsing Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel Style Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel Conditional Formatting Values Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability

Description Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary-checks on user-supplied data. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file '.xls'...

RealNetworks RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability

Description RealNetworks RealPlayer 'rmoc3260.dll' ActiveX control is prone to a memory-corruption vulnerability. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will...

Rising Web Scan Object 'OL2005.dll' ActiveX Control Remote Code Execution Vulnerability

Description Rising Web Scan Object 'OL2005.dll' ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code on a victim's computer in the context of the vulnerable application using the ActiveX control typically Internet Explorer...

Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory and ADAM Active Directory Application Mode fail to handle specially crafted Lightweight Directory Access Protocol LDAP requests. An attacker can exploit this issue to cause the...

Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability

Description Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...

Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability

Description Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component also known as the Web Client service. This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with...

Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer...

Microsoft Publisher Memory Index Code Execution Vulnerability

Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying...