Microsoft Windows OLE Dialog Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Files RTF. An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited,...

Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...

Sun Solaris Telnet Remote Authentication Bypass Vulnerability

Description Sun Solaris 10 is prone to a vulnerability that allows remote attackers to bypass authentication. Successfully exploiting this issue allows remote attackers to gain remote access to vulnerable computers. If the targeted computer is configured to allow non-console logins for superusers...

Microsoft Office Malformed String Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes maliciously crafted files. This issue is currently being exploited via Excel files .xls, but other Office applications may also be vulnerable. An attacker could exploit...

Microsoft Word 2000 Malformed Function Code Execution Vulnerability

Description Microsoft Word 2000 is prone to a remote code-execution vulnerability. Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users. Note that...

Symantec Web Security Multiple Vulnerability

SUMMARY A Cross Site Scripting Vulnerability and a denial of service vulnerability have been discovered in the Symantec Web Security SWS products. Severity Medium Remote | Yes ---|--- Local Access | No Authentication Required | Yes Exploit publicly available | No AFFECTED PRODUCTS Product | Versi...

NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability

Description NCTsoft NCTAudioFile2 ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. NCTAudioEditor is a collection of ActiveX controls for...

Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability

Description Microsoft Windows is prone to a buffer-overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Technologies Affected Avaya...

Microsoft Office And Microsoft Windows RichEdit Component Remote Code Execution Vulnerability

Description Microsoft Office and Microsoft Windows RichEdit component are prone to a remote code-execution vulnerability. This issue occurs when malformed Rich Text Files RTF are processed. An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerabilit...

Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability

Description Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed iCal requests. A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid in t...

Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability

Description Microsoft Excel is reportedly prone to an unspecified remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Office file...

Microsoft Outlook Advanced Find Remote Code Execution Vulnerability

Description Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed saved search files. A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid...

Microsoft Excel Malformed String Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which could result in the compromise of affected computers. Technologies Affected Microsoft...

Microsoft Excel IMDATA Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application, which can result in the compromise of affected computers. Technologies Affected Microsoft Excel 2000...

Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers. Technologies Affected...

Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability

Description Microsoft Outlook is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed email messages. A remote attacker can exploit this issue to crash affected email clients. This issue will persist as long as the email message resides on t...

Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which can result in the compromise of affected computers. Technologies Affected Microsoft...

Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes certain Office files. Note that this issue may not be exploited automatically through email. For an attack to succeed, a victim must manually open an attachment sent by...

Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability

Description Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized stack-based memory buffer. Exploiting this issue allows remote attackers to execute arbitrary...

Microsoft Windows CSRSS HardError Messages Denial of Service Vulnerability

Description Microsoft Windows is prone to a local denial-of-service vulnerability because the operating system fails to handle certain API calls with unexpected parameters. A local unprivileged attacker may exploit this issue by executing a malicious application. Successful exploits will allow...

Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability

Description Microsoft Outlook Express is prone to a remote code-execution vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker can exploit this issue to execute arbitrary code with the privileges of...

Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in a complete compromise of vulnerable computers. Note that this issue affects only...

Windows Media Player Remote ASF File Buffer Overflow Vulnerability

Description Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data. Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files. Successfully...

Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks. Technologies Affected Avaya Messaging Application Server Avaya S8100 Media Servers Avaya S8100 Media...

Microsoft Windows SNMP Service Remote Code Execution Vulnerability

Description Microsoft Windows SNMP service is prone to a memory-corruption vulnerability because the software fails to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer. Exploiting this issue allows remote attackers to execute arbitrary...

Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles script errors. An attacker may exploit this vulnerability to execute arbitrary code in the context of the user running the affected browser...

Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks. Technologies Affected Avaya Messaging Application Server Avaya S8100 Media Servers Avaya S8100 Media...

Microsoft Windows Manifest File Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability because the software fails to properly process and manage file manifests. An attacker may exploit this issue to manipulate file manifests to elevate user privileges. Successful exploits will result in the complet...

Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders DHTML script functions or nonexistent DHTML elements. An attacker could exploit this issue to execute arbitrary code in the context of the affected...

Microsoft Word Malformed Data Structures Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user. Th...

Windows Media Player ASX PlayList File Heap Overflow Vulnerability

Description Windows Media Player is prone to a heap-overflow issue. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes. Technologies Affected Avaya Agent...

Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability

Description Acer LunchApp.APlunch ActiveX is prone to a remote code-execution vulnerability. Exploiting this issue allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and possibly to compromise affected computers. This issue affects...

Microsoft Agent ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Agent ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Avaya S8100 Media Servers Avaya S8100 Media Servers R10 Avaya S8100 Media Servers...

Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser. This...

Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability

Description Microsoft Client Service for Netware is prone to a remote code-execution vulnerability. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected service. Note that the Client Service for Netware is not installed by...

Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability

Description Microsoft Windows Workstation service is prone to a remote code-execution vulnerability. Exploiting this issue allows remote, anonymous attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected...

Microsoft Client Service for Netware Denial of Service Vulnerability

Description Microsoft Client Service for Netware is prone to a denial-of-service vulnerability. Exploiting this issue would cause the affected computer to crash, denying service to legitimate users. Technologies Affected Avaya Messaging Application Server Avaya S8100 Media Servers Avaya S8100 Med...

Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability

Description Microsoft XML Core Service is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts will result in a...

Symantec Device Driver Elevation of Privilege

SUMMARY Symantec was notified of a vulnerability in a device driver which, if successfully exploited, could allow a local attacker to execute arbitrary code with elevated privileges or to crash the system. Risk Impact Medium Remote | No ---|--- Local | Yes Authentication Required | Yes Exploit...

Symantec Mail Security for Domino Server Relay

SUMMARY Premium Antispam feature of Symantec Mail Security for Domino is vulnerable to allowing a Domino server to be used as an unintended mail relay. This could be used to relay SPAM mail anonymously. Severity Medium can be used to send SPAM Remote | Yes ---|--- Local | No Authentication Requir...

Microsoft Windows SMB Rename Remote Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability because the Server service fails to properly handle network messages. Exploiting this issue may cause affected computers to crash, denying service to legitimate users. To exploit this issue, an attacker must have...

Microsoft Office Improper Memory Access Remote Code Execution Vulnerability

Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...

Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting Vulnerability

Description Microsoft ASP.NET is prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input before it is rendered in the browser of an unsuspecting user in the context of the affected site. An attacker may leverage this issue to have arbitrar...

Microsoft Word Malformed String Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to load a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...

Microsoft PowerPoint Record Improper Memory Access Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...

Microsoft Word Mail Merge Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to load a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...

Microsoft Windows Object Packager Remote Code Execution Vulnerability

Description The Microsoft Windows Object Packager is prone to a remote code-execution vulnerability. This issue is due to how the affected component handles file extensions. This vulnerability could let an attacker spoof dialogues, enticing a victim into installing a file that has been...

Microsoft Excel Lotus 1-2-3 File Handling Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. This issue was originally described in BID 18989 and has now been assigned its own BID...

Microsoft XML Core Services Information Disclosure Vulnerability

Description Microsoft XML Core Services is prone to an information-disclosure vulnerability. This vulnerability is caused by an error in how the affected component handles server redirects. An attacker can exploit this vulnerability by enticing a victim user into visiting a malicious web page...

Microsoft PowerPoint Object Pointer Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...