Symantec Reporting Server Password Disclosure

SUMMARY The administrator password for Symantec Reporting Server could be disclosed after a failed login attempt. Risk Impact Medium Remote Access | Yes ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Affected Products Product | Affected...

Symantec Enterprise Security Manager Denial-of-Service

SUMMARY Symantec Enterprise Security Manager ESM is susceptible to a race condition that can lead to a denial-of-service. Risk Impact Medium Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Vulnerable Products Only the...

Symantec pcAnywhere Remote User Credential Disclosure

SUMMARY Symantec pcAnywhere fails to properly protect remote user credentials stored in memory. Risk Impact Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Products | Versions ---|--- Symantec pcAnywhere | 11.5.x No...

Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability

Description Symantec Norton Antivirus ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits will allow attackers to execute arbitrary code in the context of th...

Microsoft Excel Set Font Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks...

Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft CAPICOM ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Microsoft BizTalk Server 2004 Developer Edition SP1 Microsoft...

Microsoft Outlook Web Access Remote Script Injection Vulnerability

Description Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments. To exploit this issue, attackers must send specially crafted files through email messages to users of the affected applicatio...

Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability

Description Microsoft Exchange is prone to a remote code-execution vulnerability because the application fails to properly decode specially crafted email messages. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application,...

Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability

Description Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying...

Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application. Technologies Affected Avaya Agent Access Avaya Basic Call Management System...

Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles uninitialized or deleted objects. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected...

Microsoft Exchange iCal Request Remote Denial of Service Vulnerability

Description Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected iCal message content. Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers to stop responding to further requests for sending...

Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrar...

Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing a victim into opening a malicious Office file. Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed...

Microsoft Excel BIFF Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks...

Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Visual Basic 6 TypeLib Information Library TLI ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote...

Microsoft Excel Filter Records Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks...

Microsoft Word Array Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected...

Microsoft Word RTF Parsing Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected...

Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability

Description Multiple image editors are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successful exploits allow remote attackers to execute arbitrary machine code i...

Akamai Download Manager ActiveX Control Multiple Buffer Overflow Vulnerabilities

Description Akamai Download Manager is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Exploiting these issues allows remote attackers to execute...

Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability

Description Microsoft Windows Domain Name System DNS Server Service is prone to a stack-based buffer-overflow vulnerability in its Remote Procedure Call RPC interface. A remote attacker may exploit this issue to run arbitrary code in the context of the DNS Server Service. The DNS service runs in...

Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability

Description The Microsoft Win32 API is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious webpage. Technologies Affected Avaya CIE 1.0 Avaya Messaging Application Server Avaya Messaging Application Server MM 1.1 Ava...

Microsoft Content Management Server Remote Code Execution Vulnerability

Description Microsoft Content Management Server MCMS is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input. Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges...

Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests. To exploit this issue, an attack...

Microsoft Content Management Server Cross-Site Scripting Vulnerability

Description Microsoft Content Management Server MCMS is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

Microsoft Agent URI Processing Remote Code Execution Vulnerability

Description The Microsoft Agent ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Note that users who are running Windows Internet Explorer 7 are not affected by this vulnerability...

Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability

Description Microsoft Windows CSRSS client/server run-time subsystem is prone to local privilege-escalation vulnerability. Successful attacks will result in the complete compromise of affected computers. Technologies Affected Avaya Agent Access Avaya Basic Call Management System Reporting Desktop...

Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability

Description Microsoft Windows CSRSS client/server run-time subsystem MsgBox is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Note that this issue can also be exploited locally by an authenticated user to...

Microsoft Windows Help File Unspecified Heap Overflow Vulnerability

Description The Microsoft Windows Help File viewer is reported prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers. This vulnerability presents itself when the application handles a specially...

Symantec Enterprise Security Manager Remote Upgrade Authentication Bypass

SUMMARY Symantec Enterprise Security Manager is susceptible to a remote code execution vulnerability. Severity High Remote | Yes ---|--- Local Access | Yes Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Vulnerable Products The following supported ESM agent and...

Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability

Description Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files. An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected...

Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability

Description Microsoft Windows Graphics Rendering Engine is prone to local privilege-escalation vulnerability. Successful exploits may result in a complete compromise of affected computers. Technologies Affected Avaya Customer Interaction Express CIE Server 1.0 Avaya Customer Interaction Express C...

Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability

Description Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions...

Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files. An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A...

Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability

Description Microsoft Office Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a maliciously crafted Publisher file. Successful exploits may allow attackers to execute arbitrary code with privileges of the us...

Trend Micro ServerProtect SPNTSVC.EXE Multiple Stack Buffer Overflow Vulnerabilities

Description Trend Micro ServerProtect is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting these issues allows attackers to execute...

Microsoft Excel Worksheet Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file .xls. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote...

Microsoft Antivirus Engine Integer Overflow Vulnerability

Description Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files. This issue is currently being exploited via Portable Document Files PDF, but other Microsoft applications are also reported vulnerable. An attacker could...

Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability

Description Microsoft Windows Image Acquisition WIA service is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers. NOTE: The affected service is...

Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability

Description Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue by enticing a victim to load a bookmark...

Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote...

Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...

Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Avaya Agent Access Avaya Basic Call Management System Reporti...

Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability

Description The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability. This issue occurs when the application using the component attempts to parse malformed Rich Text Files RTF. An attacker could exploit this issue by...

Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote...

Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation. A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers. Technologies...