Microsoft Office Malformed Chart Record Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...
Microsoft Office Smart Tag Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...
Microsoft Word Mac Remote Code Execution Vulnerability
Description Microsoft Word for Mac is prone to a remote code-execution vulnerability when parsing Word files. Exploiting this vulnerability may allow an attacker to execute arbitrary machine code in the context of the user who opened the file. An attacker could leverage this issue to gain the...
Microsoft PowerPoint Data Record Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...
Microsoft Office Malformed Record Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...
Microsoft Windows XML Core Services XSLT Buffer Overrun Vulnerability
Description Microsoft Windows is prone to a remotely exploitable buffer-overrun condition in the XSLT implementation of XML core services. An attacker can exploit this issue to execute arbitrary code on an unsuspecting victim's computer. This may facilitate a remote compromise. Technologies...
Apple Mac OS X Pre 10.4.8 Multiple Security Vulnerabilities
Description Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. An attacker can exploit these issues to execute...
Apple QuickTime Plug-In Arbitrary Script Execution Weakness
Description Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link (.qtl) files. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Althoug...
Symantec: SymEvent Driver Local Access System Denial of Service
SUMMARY A local access denial of service (DoS) issue has been identified in the Symantec SymEvent driver used in Symantec consumer and corporate/enterprise products listed below. A local user with authorized access to the targeted system can initiate a DoS in the affected Symantec application...
Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method...
Symantec AntiVirus Corporate Edition Elevation of Privilege
SUMMARY An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine.

Risk Impact: Medium

Remote Access | No
---|---
Local Access | Yes...
Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. An attacker can exploit this issue to execute arbitrary code within the conte...
Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a code-execution vulnerability. This is due to a flaw when handling malformed PUB files. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Technologies Affected ...
Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Variant Vulnerability
Description Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability. A successful exploit may result in arbitrary code-execution in the context of the user running the browser. This issue was introduced with the rereleased patches of Microsoft advisory MS06-042. This issue ...
Microsoft PGM Remote Buffer Overflow Vulnerability
Description Microsoft Pragmatic General Multicast (PGM) is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check externally supplied data. An attacker can exploit this issue to execute arbitrary code, facilitating a complete system compromise. This...
Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
Description Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
Symantec Enterprise Security Manager Denial-of-Service
SUMMARY Symantec Enterprise Security Manager is susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service.

Risk Impact: Medium

Remote | Yes
---|---
Local | No
Authentication Required | No
Exploit publicly available | No

AFFECTED PRODUCTS Vulnerable...
Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
Description Microsoft Windows Server Service is prone to a remote buffer-overflow vulnerability. This vulnerability arises when the service processes a malicious message in RPC communications. A successful attack may result in arbitrary code execution with SYSTEM privileges leading to a full...
Microsoft Windows Unhandled Exception Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability because of an error in how the OS unloads chained exceptions. Attackers could exploit this vulnerability via a malicious web page. A successful exploit would aid in the remote compromise of affected computers...
Microsoft Internet Explorer Window Location Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain. Attackers could exploit this issue to gain access to sensitive information that is...
Microsoft Internet Explorer Source Element Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to...
Microsoft Windows User Profile Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. The vulnerability is caused by an insecure search path for the WinLogon facility. If exploited, this could let an attacker run an arbitrary DLL with elevated privileges. This issue is reported to affect Windows...
Microsoft Winsock Gethostbyname Buffer Overflow Vulnerability
Description The Microsoft Winsock API is prone to a buffer-overflow vulnerability. This issue can occur when the API is invoked via a malicious file or web page that is sufficient to trigger the vulnerability. If the exploit is successful, attacker-supplied code will execute, completely...
Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability
Description A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs due to insufficient bounds checking when checking the properties of malicious documents. As a result, a malformed document may be able to trigger a buffer-overflow within the...
Microsoft Windows DNS Client Buffer Overrun Vulnerability
Description Microsoft Windows is prone to a remotely exploitable buffer overrun condition in the DNS client. This issue is exposed when a client handles a malicious response from a DNS server. Attackers may leverage this to execute arbitrary code and launch a complete compromise of the affected...
Microsoft PowerPoint Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. This issue occurs when the application handles malformed record data within a presentation file. A successful exploit of this issue will let attackers execute arbitrary code in the context of the targeted user...
Microsoft Management Console Zone Bypass Vulnerability
Description Microsoft Management Console (MMC) is prone to a cross-zone scripting vulnerability because the operating system fails to properly restrict access to MMC components, allowing the MMC files to be referenced from the Internet Zone in some cases. Exploiting this vulnerability could let an...
Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue stems from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...
Microsoft Internet Explorer Chained Cascading Style Sheets Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This issue is related to how the browser handles chained Cascading Style Sheets (CSS). An attacker could exploit this issue to execute arbitrary code in the context of the user visiting a malicious web page. Th...
Microsoft Internet Explorer HTML Layout and Positioning Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout and positioning combinations. An attacker could exploit this issue to execute arbitrary code in the context of the user...
Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
Description A local privilege-escalation vulnerability affects Microsoft Windows 2000. This vulnerability affects the Windows kernel; local attackers may exploit it to completely compromise an affected computer. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000...
Microsoft Hyperlink Object Library Function Remote Buffer Overflow Vulnerability
Description Microsoft's Hyperlink Object Library is prone to a buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successfully exploiting this issue allows attackers to...
Symantec On-Demand Protection Encrypted Data Exposure
SUMMARY Symantec On-Demand Agent (SODA) and Symantec On-Demand Protection (SODP) provide a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enable...
Symantec Brightmail AntiSpam Multiple Vulnerabilities
SUMMARY Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues.

Risk Impact: Medium

Remote | Yes
---|---
Local | No
Authentication Required | No
Exploit publicly available | No

AFFECTED PRODUCTS...
Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability
Description Microsoft WebViewFolderIcon ActiveX control is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the...
Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow Vulnerability
Description Microsoft Windows Server driver is prone to a remote heap buffer-overflow vulnerability. This issue is due to a failure of the software to properly bounds check user-supplied input prior to copying it to an insufficiently-sized memory buffer. Exploiting this issue allows anonymous,...
Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Office Malformed GIF File Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability when handling a malformed GIF file. The issue occurs when an Office application such as Excel, Word, or PowerPoint tries to open a malformed GIF file. An attacker could exploit this vulnerability to corrupt memory and...
Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel Selection Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Office Malformed PNG File Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability when handling a malformed PNG graphic file. The issue occurs when an Office application such as Excel, Word, or PowerPoint tries to open a malformed PNG graphic file. An attacker could exploit this vulnerability to cau...
Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
Description Microsoft Windows DHCP Client service is prone to a remote code-execution vulnerability because the service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This vulnerability allows remote attackers to execute arbitrary...
Microsoft Excel FNGROUPCOUNT Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel Selection Record Variant Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Office Property Code Execution Vulnerability
Description Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Technologies Affected...
Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
Description Microsoft Windows Server driver is susceptible to a remote information-disclosure vulnerability. This issue is due to a flaw in the handling of certain SMB traffic. Exploiting this issue allows remote attackers to gain access to potentially sensitive fragments of kernel memory. This m...
Microsoft Excel LABEL Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft IIS ASP Remote Code Execution Vulnerability
Description Microsoft Internet Information Server (IIS) is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. To exploit this issue, attackers must be able to place and execute...
Microsoft Office String Parsing Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue is due to a failure of the software to properly handle malformed strings in Office documents. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users...
Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...