6867 matches found
Microsoft PowerPoint Data Record Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...
Microsoft Windows XML Core Services XSLT Buffer Overrun Vulnerability
Description Microsoft Windows is prone to a remotely exploitable buffer-overrun condition in the XSLT implementation of XML core services. An attacker can exploit this issue to execute arbitrary code on an unsuspecting victim's computer. This may facilitate a remote compromise. Technologies...
Microsoft PowerPoint Object Pointer Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. Exploiting this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint .ppt document to a user. Technologies Affected Microsoft Office 2000 Microsof...
Microsoft Office Malformed Chart Record Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when Office attempts to process malformed files. An attacker could exploit this issue by enticing a victim to load a malicious Office file. If the vulnerability is successfully exploited, this could...
Microsoft Word Mail Merge Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to load a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...
Microsoft Word Malformed String Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to load a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...
Apple Mac OS X Pre 10.4.8 Multiple Security Vulnerabilities
Description Apple Mac OS X is prone to multiple security vulnerabilities. These issue affect Mac OS X and various applications including CFNetwork, Safari, Kernel, ImageIO, LoginWindow, System Preferences, QuickDraw Manager, and Workgroup Manager. An attacker can exploit these issues to execute...
Apple QuickTime Plug-In Arbitrary Script Execution Weakness
Description Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Althoug...
Symantec: SymEvent Driver Local Access System Denial of Service
SUMMARY A local access denial of service DoS issue has been identified in the Symantec SymEvent driver used in Symantec consumer and corporate/enterprise products listed below. A local user with authorized access to the targeted system can initiate a DoS in the affected Symantec application...
Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method...
Symantec AntiVirus Corporate Edition Elevation of Privilege
SUMMARY An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine. Risk Impact Medium Remote Access | No ---|--- Local Access | Yes...
Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. An attacker can exploit this issue to execute arbitrary code within the conte...
Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Variant Vulnerability
Description Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability. A successful exploit may result in arbitrary code-execution in the context of the user running the browser. This issue was introduced with the rereleased patches of Microsoft advisory MS06-042. This issue ...
Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
Description Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
Microsoft PGM Remote Buffer Overflow Vulnerability
Description Microsoft Pragmatic General Multicast PGM is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check externally supplied data. An attacker can exploit this issue to execute arbitrary code, facilitating a complete system compromise. This...
Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a code-execution vulnerability. This is due to a flaw when handling malformed PUB files. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Technologies Affected ...
Symantec Enterprise Security Manager Denial-of-Service
SUMMARY Symantec Enterprise Security Manager is susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service. Risk Impact Medium Remote | Yes ---|--- Local | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Vulnerable...
Microsoft Winsock Gethostbyname Buffer Overflow Vulnerability
Description The Microsoft Winsock API is prone to a buffer-overflow vulnerability. This issue can occur when the API is invoked via a malicious file or web page that is sufficient to trigger the vulnerability. If the exploit is successful, attacker-supplied code will execute, completely...
Microsoft Internet Explorer Chained Cascading Style Sheets Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to remote code-execution vulnerability. This issue is related to how the browser handles chained CSS Cascading Style Sheets. An attacker could exploit this issue to execute arbitrary code in the context of the user visiting a malicious web page. Th...
Microsoft Internet Explorer Window Location Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain. Attackers could exploit this issue to gain access to sensitive information that is...
Microsoft Hyperlink Object Library Function Remote Buffer Overflow Vulnerability
Description Microsoft's Hyperlink Object Library is prone to a buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Successfully exploiting this issue allows attackers to...
Microsoft Windows User Profile Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. The vulnerability is caused by an insecure search path for the WinLogon facility. If exploited, this could let an attacker run an arbitrary DLL with elevated privileges. This issue is reported to affect Windows...
Microsoft Windows DNS Client Buffer Overrun Vulnerability
Description Microsoft Windows is prone to a remotely exploitable buffer overrun condition in the DNS client. This issue is exposed when a client handles a malicious response from a DNS server. Attackers may leverage this to execute arbitrary code and launch a complete compromise of the affected...
Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability
Description A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs due to insufficient bounds checking when checking the properties of malicious documents. As a result, a malformed document may be able to trigger a buffer-overflow within the...
Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
Description Microsoft Windows Server Service is prone to a remote buffer-overflow vulnerability. This vulnerability arises when the service processes a malicious message in RPC communications. A successful attack may result in arbitrary code execution with SYSTEM privileges leading to a full...
Microsoft Powerpoint Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. This issue occurs when the application handles malformed record data within a presentation file. A successful exploit of this issue will let attackers execute arbitrary code in the context of the targeted user...
Microsoft Windows Unhandled Exception Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability because of an error in how the OS unloads chained exceptions. Attackers could exploit this vulnerability via a malicious web page. A successful exploit would aid in the remote compromise of affected computers...
Microsoft Internet Explorer HTML Layout and Positioning Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders HTML with certain layout and positioning combinations. An attacker could exploit this issue to execute arbitrary code in the context of the user...
Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue stems from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...
Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
Description A local privilege-escalation vulnerability affects Microsoft Windows 2000. This vulnerability affects the Windows kernel; local attackers may exploit it to completely compromise an affected computer. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000...
Microsoft Internet Explorer Source Element Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to...
Microsoft Management Console Zone Bypass Vulnerability
Description Microsoft Management Console MMC is prone to a cross-zone scripting vulnerability because the operating system fails to properly restrict access to MMC components, allowing the MMC files to be referenced from the Internet Zone in some cases. Exploiting this vulnerability could let an...
Symantec On-Demand Protection Encrypted Data Exposure
SUMMARY Symantec On-Demand Agent SODA and Symantec On-Demand Protection SODP provide a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enable...
Symantec Brightmail AntiSpam Multiple Vulnerabilities
SUMMARY Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues. Risk Impact Medium Remote | Yes ---|--- Local | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS...
Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability
Description Microsoft WebViewFolderIcon ActiveX control is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the...
Microsoft Office Property Code Execution Vulnerability
Description Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Technologies Affected...
Microsoft ASP.NET Application Folder Information Disclosure Vulnerability
Description ASP.NET is prone to an information-disclosure vulnerability. This issue is due to a failure in the applications to properly validate user-supplied input. An attacker can exploit this issue to retrieve potentially sensitive information. Information retrieved may aid in further attacks...
Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
Description Microsoft Windows DHCP Client service is prone to a remote code-execution vulnerability because the service fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This vulnerability allows remote attackers to execute arbitrary...
Microsoft IIS ASP Remote Code Execution Vulnerability
Description Microsoft Internet Information Server IIS is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. To exploit this issue, attackers must be able to place and execute...
Microsoft Office String Parsing Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability. This issue is due to a failure of the software to properly handle malformed strings in Office documents. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users...
Microsoft Office Malformed PNG File Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability when handling a malformed PNG graphic file. The issue occurs when an Office application such as Excel, Word, or PowerPoint tries to open a malformed PNG graphic file. An attacker could exploit this vulnerability to cau...
Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel LABEL Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
Description Microsoft Windows Server driver is susceptible to a remote information-disclosure vulnerability. This issue is due to a flaw in the handling of certain SMB traffic. Exploiting this issue allows remote attackers to gain access to potentially sensitive fragments of kernel memory. This m...
Microsoft Excel Selection Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel Selection Record Variant Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Office Malformed GIF File Remote Code Execution Vulnerability
Description Microsoft Office is prone to a remote code-execution vulnerability when handling a malformed GIF file. The issue occurs when an Office application such as Excel, Word, or PowerPoint tries to open a malformed GIF file. An attacker could exploit this vulnerability to corrupt memory and...
Microsoft Office Malformed String Parsing Code Execution Vulnerability
Description Microsoft Office is prone to a code-execution vulnerability. This condition can occur when a malformed string within an Office file is parsed. This vulnerability is located in a shared library used by multiple Office applications, potentially allowing many different attack vectors. An...