HEVC Video Extensions Remote Code Execution Vulnerability
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of embedded fonts, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Windows Graphics Component Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected.
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Windows Fax Compose Form Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Photos App Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice softwares could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device.nThe vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.
Windows Fax Compose Form Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows.
Microsoft Office Graphics Remote Code Execution Vulnerability
.NET Framework Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Windows Fax Compose Form Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11135.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16186.
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16187.
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
HEVC Video Extensions Remote Code Execution Vulnerability
Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC.
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16778.