Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability

Description Microsoft Object Linking and Embedding OLE Automation is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. An attacker could exploit this issue by enticin...

Microsoft Office Execution Jump Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-i...

Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability

Description Microsoft Internet Information Service IIS is prone to a local privilege-escalation vulnerability that occurs when handling file change notifications. A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue wil...

Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying...

Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability

Description Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently...

Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability

Description Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic. Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will de...

Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability

Description Microsoft Works File Converter is prone to a remote heap-overflow vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...

Microsoft Internet Information Services ASP Remote Code Execution Vulnerability

Description Microsoft Internet Information Services IIS is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages. A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worke...

Microsoft Works File Converter Field Length Remote Code Execution Vulnerability

Description Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successfully exploiting this issue would allow the...

Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities

Description Adobe Acrobat and Reader are prone to multiple arbitrary remote code-execution and security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Other attacks are also possible. Versions prior to Ado...

GlobalLink 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities

Description GlobalLink is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit these issues to execute arbitrary code within the context of application...

Microsoft Excel Macro Validation Uninitialized Variable Manipulation Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft Excel...

Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected...

Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability

Description Microsoft Windows Local Security Authority Subsystem Service LSASS is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete...

Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic. Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny...

Microsoft Windows Media Format Runtime ASF File Remote Code Execution Vulnerability

Description Windows Media Player is prone to a remote code-execution vulnerability because it fails to properly handle malformed media files. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit...

Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer...

Microsoft Internet Explorer Element Tags Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer...

Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability

Description DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit...

Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote...

Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because it fails to adequately handle user-supplied input to certain DHTML object methods. Attackers can exploit this issue to execute arbitrary code in the context of a user running the application...

Microsoft Windows Vista Kernel ALPC Local Privilege Escalation Vulnerability

...

Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer...

Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability

Description Microsoft Message Queuing MSMQ is prone to a stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the...

Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability

Description Microsoft DirectX is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the application. Technologies Affected Avaya Messaging Application...

Autonomy KeyView Lotus 1-2-3 File Multiple Buffer Overflow Vulnerabilities

Description Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities. Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application. Multiple applications incorporate the vulnerable KeyView component, so they...

RETIRED: Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability

Description Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. This issue occurs when handling specially crafted RTSP Response headers...

Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability

Description Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. This issue occurs when handling specially crafted RTSP Response headers...

Xunlei Thunder PPLAYER.DLL_1_WORK ActiveX Control Buffer Overflow Vulnerability

Description Xunlei Thunder PPlayer ActiveX Control is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the applicati...

Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability

Description Microsoft Jet Database Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will...

Microsoft Windows Recursive DNS Spoofing Vulnerability

Description Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests. A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing. Technologies Affected Avaya Messaging...

Symantec Mail Security KeyView Module Multiple Buffer Overflow

SUMMARY Multiple buffer overflow vulnerabilities have been identified in the Autonomy KeyView module used in Symantecs Mail Security products. Severity Medium Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | Yes AFFECTED PRODUCTS Product |...

Altiris Deployment Solution Directory Traversal

SUMMARY Symantecs Altiris Deployment Solution is vulnerable to an elevation of privilege attack. Risk Impact Medium Remote Access | Yes ---|--- Local Access | Yes Authentication Required | Yes Exploit available | No AFFECTED PRODUCTS Affected Products Product | Version | Build | Solution...

Altiris Deployment Solution Elevation of Privilege

SUMMARY Symantecs Altiris Deployment Solution is vulnerable to an elevation of privilege attack. Risk Impact Medium Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit available | No AFFECTED PRODUCTS Affected Products Product | Version | Build | Solution...

GlobalLink ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability

Description GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected...

SSReader Ultra Star Reader ActiveX Control Register Method Buffer Overflow Vulnerability

Description SSReader Ultra Star Reader is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of t...

RealPlayer ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability

Description RealPlayer is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer. Attackers can exploit this issue to execute arbitrary code in the context of the...

Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability

Description Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control typically Internet...

Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets. Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitima...

Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability

Description Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute...

Microsoft Internet Explorer Address Bar Spoofing Vulnerability

Description Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue...

Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content. Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affect...

Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability

Description Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful...

Microsoft Windows URI Handler Command Execution Vulnerability

Description Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicio...

Apple QuickTime for Windows Remote Code Execution Vulnerability

Description QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely . Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the...

Adobe Acrobat Mailto PDF File Command Execution Vulnerability

Description Adobe Acrobat is prone to a command-execution vulnerability when handling malicious PDF files. Remote attackers can exploit this issue to compromise affected computers.. The vendor reports that this issue can be exploited only through Internet Explorer 7 installed on Microsoft Windows...

Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability

Description Microsoft Agent agentsvr.exe is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently...

Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability

Description Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers. Microsoft Windows Services for UNIX 3.0 and...