6867 matches found
Microsoft IIS ASP Remote Code Execution Vulnerability
Description Microsoft Internet Information Server (IIS) is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. To exploit this issue, attackers must be able to place and execute...
Microsoft Excel LABEL Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel DATETIME Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Note that Microsoft Office applications include functionality to embed Office files as...
Microsoft Internet Explorer 6 RDS.DataControl Denial of Service Vulnerability
Description Microsoft Internet Explorer 6 is reportedly prone to a denial-of-service vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. This issue is triggered when an attacker convinces a victim to activate a...
Symantec Security Information Manager Authentication bypass
SUMMARY A security vulnerability has been found in the current release of Symantec Security Information Manager. Risk Impact: Low. Remote: No. Local: Yes. Authentication Required: No. Exploit publicly available: No. AFFECTED PRODUCTS Product | Version | Build | Update To ...
Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
...
Microsoft Windows Routing and Remote Access RASMAN Registry Remote Code Execution Vulnerability
Description Microsoft Windows Routing and Remote Access is prone to a memory-corruption vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to...
Microsoft JScript Memory Corruption Vulnerability
Description Microsoft JScript is prone to a remote memory-corruption vulnerability. This issue is due to the software's failure to properly execute certain HTML script content. This issue allows remote attackers to execute arbitrary machine code in the context of applications that use the JScript...
Microsoft PowerPoint Malformed Record Remote Code Execution Vulnerability
Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. The issue is related to how the application processes malformed record data in PowerPoint documents. To exploit this issue, an attacker must entice a victim to open a malicious PowerPoint file. If the exploit is...
Microsoft SMB Driver Local Denial Of Service Vulnerability
Description The Microsoft SMB driver is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to create processes that cannot be killed in affected operating systems, potentially denying service to legitimate users and other software on affected computers. This...
Microsoft Windows GDI WMF Handling Heap Overflow Vulnerability
Description The Microsoft Windows GDI Graphics Rendering Engine is prone to a heap-overflow vulnerability. This issue is exposed when the component loads a specially crafted WMF (Windows Metafile) image. If this issue is exploited, a malicious WMF or EMF file could potentially corrupt heap-based...
Microsoft Internet Explorer HTML Decoding Remote Code Execution Vulnerability
Description Internet Explorer is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet...
Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
Description The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer...
Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability
Description Microsoft Windows is susceptible to a vulnerability in the RPC component, specifically when using the mutual authentication mechanism with the SSL (Secure Socket Layer) protocol. This issue is due to a flaw in the mutual authentication mechanism that can occur when it attempts to valida...
Microsoft Internet Explorer Multipart HTML File Handling Remote Code Execution Vulnerability
...
Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
Description Microsoft Exchange Server Outlook Web Access is prone to a script-injection vulnerability. A remote attacker can exploit this issue by sending a malicious email message to a vulnerable user. Technologies Affected Microsoft Exchange Server 2000 SP3 Microsoft Exchange Server 2003 SP1...
Microsoft Windows Media Player Malformed PNG Remote Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability. This vulnerability is related to handling of malicious PNG images. PNG images may be embedded in Windows Media Player skin files. Attackers may be able to exploit this issue by causing the application to...
Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability
Description The Microsoft SMB driver is susceptible to a local privilege-escalation vulnerability. This issue is due to a failure of the affected software to properly bounds-check user-supplied input prior to copying it to insufficiently-sized kernel memory. A local attacker can exploit this issu...
Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability Variant
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue results from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...
Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
Description Microsoft Windows is prone to remote code execution when processing malformed AOL ART images. This issue is exposed when the malicious images are processed by Internet Explorer or other applications that rely on Internet Explorer to display AOL ART images. If exploited, this...
Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability
Description Microsoft Windows Routing and Remote Access is prone to a memory-corruption vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer. This issue allows remote attackers to...
Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote buffer-overflow vulnerability. The vulnerability arises in the Microsoft Windows TCP/IP protocol driver when IP Source Routing has been enabled. A remote attacker may trigger a denial-of-service condition or may execute arbitrary code, leading to...
Microsoft Windows MHTML URI Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote buffer-overflow vulnerability in 'INETCOMM.DLL'. The library fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this issue to execute arbitrary machin...
Symantec Client Security and Symantec AntiVirus Elevation of Privilege
SUMMARY A stack overflow in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a remote or local attacker to execute code on the affected machine. Impact: High. Remote: Yes. Local: Yes. Authentication Required: No. Exploit publicly available: Yes...
Symantec AntiVirus Remote Stack Buffer Overflow Vulnerability
Description Multiple Symantec products are prone to a remote stack buffer-overflow vulnerability. This issue allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Symantec AntiVirus Corporate Edition 10....
Microsoft Word Malformed Object Pointer Remote Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. The issue arises because Word fails to properly handle malformed object pointers. Reports indicate that this issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious...
RealVNC Remote Authentication Bypass Vulnerability
Description RealVNC is susceptible to an authentication-bypass vulnerability. This issue is due to a flaw in the authentication process of the affected package. Exploiting this issue allows attackers to gain unauthenticated, remote access to the VNC servers. RealVNC 4.1.1 is vulnerable to this...
Symantec Enterprise Firewall NAT/HTTP Proxy internal IP leakage
SUMMARY An information leak has been discovered in the HTTP proxy of the Symantec Enterprise Firewall and Symantec Gateway Security products. In response to specific HTTP requests, the firewall may reveal internal addresses otherwise hidden by Network Address Translation (NAT). Severity Very Low...
Microsoft Windows MSDTC Invalid Memory Access Denial Of Service Vulnerability
Description Microsoft Windows Distributed Transaction Coordinator is prone to a denial-of-service vulnerability. Attackers can exploit this vulnerability remotely to disrupt the MSDTC service and any services that depend on MSDTC. This vulnerability affects Windows NT and Windows 2000 by default,...
Microsoft Exchange Server Calendar Remote Code Execution Vulnerability
Description Microsoft Exchange Server is prone to a vulnerability that may let attackers execute code remotely. This issue is exposed when the server handles emails that contain malicious calendar data that is included in meeting requests. If the issue is successfully exploited, this could...
Symantec Scan Engine Multiple Vulnerabilities
SUMMARY Three vulnerabilities have been discovered in the Symantec Scan Engine. Symantec Scan Engine is a TCP/IP server and programming interface that enables third parties to incorporate support for Symantec content scanning technologies into their proprietary applications. This gateway-level...
Symantec LiveUpdate for Macintosh Local Privilege Escalation
SUMMARY Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment. Risk Impact: Medium. Remote Access: No. Local Access: Yes. Authentication Required: Yes. Exploit publicly available: No. AFFECTED PRODUCTS Product | Version | Build | Language |...
Microsoft Windows Shell COM Object Remote Code Execution Vulnerability
Description Microsoft Windows Shell is prone to a remote code-execution vulnerability. This issue is due to a flaw in its handling of remote COM objects. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the targeted user. This may facilitate the remote...
Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability
Description The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Hitachi DA Broker for ODBC 01-00 Hitachi DA Broker for ODBC 01-...
Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to an error in how double-byte character set (DBCS) characters are handled in Internationalized Domain Names (IDN) included in URLs from rendered HTML content. An attacker could exploit this issue v...
Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
Description Microsoft Internet Explorer is prone to address-bar spoofing. Attackers may exploit this via a malicious web page to spoof the contents of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing. Technologies Affect...
Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain. Attackers could exploit this issue to gain access to sensitive information that is...
Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a zone-bypass vulnerability because the browser returns erroneous IOleClientSite when dynamically creating an embedded object. This could cause malicious script code to be executed in a security zone with fewer restrictions than the zone that th...
Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a vulnerability that may permit remote attackers to execute arbitrary code. This vulnerability occurs when the browser parses invalid HTML. Attackers can exploit this vulnerability through a malicious web page or HTML email. Technologies Affecte...
Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue results from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...
Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to the handling of certain HTML tags. Attackers could exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. They could also use HT...
Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
Description Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code...
Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
Description Microsoft Outlook Express is prone to a remote buffer-overflow vulnerability. This vulnerability presents itself when the application processes a specially crafted Windows Address Book (.wab) file. An attacker may exploit this issue to execute arbitrary code in the context of a user...
Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is susceptible to a remote code-execution vulnerability. This issue is due to a flaw that results in an invalid table-pointer dereference. Remote attackers may exploit this issue to crash affected browsers or to execute arbitrary machine code in the context...
Microsoft Excel Malformed Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. This issue may be triggered when an Excel document with malformed record data is opened. Technologies Affected Avaya Modular Messaging MAS 3.0.0 Microsoft Excel 2000 Microsoft Excel 2000 SP2 Microsoft Excel 2000 SP3...
Microsoft Excel Malformed Formula Size Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. This issue may be triggered when an Excel document with a malformed formula size is opened. Technologies Affected Avaya Modular Messaging MAS 3.0.0 Microsoft Excel 2000 Microsoft Excel 2000 SP2 Microsoft Excel 2000 SP3...
Microsoft Excel Malformed Parsing Format File Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. This issue may be triggered when a malformed Excel document is opened. Technologies Affected Avaya Modular Messaging MAS 3.0.0 Microsoft Excel 2000 Microsoft Excel 2000 SP2 Microsoft Excel 2000 SP3 Microsoft Excel 2000...
Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability
Description Microsoft Office is prone to a remote buffer-overflow vulnerability. This vulnerability occurs when the application handles a specially crafted document. A successful attack can result in a remote compromise in the context of an affected user. Update: This issue is known to be exploit...
Microsoft Excel Malformed Description Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. This issue may be triggered when an Excel document with malformed description data is opened. Technologies Affected Avaya Modular Messaging MAS 3.0.0 Microsoft Excel 2000 Microsoft Excel 2000 SP2 Microsoft Excel 2000 S...
Symantec Ghost: Local access vulnerabilities in Database
SUMMARY Symantec engineers updated the db component to address three local access vulnerabilities discovered in the database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite (SGSS) 1.0. Exploitation of any of these issues requires physical access to...