This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10461.
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing logic, potentially leading to information disclosure or memory corruption.
Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22910.
Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.
Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Windows HTML Platforms Security Feature Bypass Vulnerability
External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
Microsoft Power Platform Connector Spoofing Vulnerability
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally.
NTLM Hash Disclosure Spoofing Vulnerability
Visual Studio Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
Windows Compressed Folder Tampering Vulnerability
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Windows HTML Platforms Security Feature Bypass Vulnerability
Windows MSHTML Platform Security Feature Bypass Vulnerability
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Distribution Client on Windows.This issue affects JP1/IT Desktop Management 2 - Manager: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; JP1/IT Desktop Management 2 - Operations Director: from 13-50 before 13-50-02, from 13-11 before 13-11-04, from 13-10 before 13-10-07, from 13-01 before 13-01-07, from 13-00 before 13-00-05, from 12-60 before 12-60-12, from 10-50 through 12-50-11; Job Management Partner 1/IT Desktop Management 2 - Manager: from 10-50 through 10-50-11; JP1/IT Desktop Management - Manager: from 09-50 through 10-10-16; Job Management Partner 1/IT Desktop Management - Manager: from 09-50 through 10-10-16; JP1/NETM/DM Manager: from 09-00 through 10-20-02; JP1/NETM/DM Client: from 09-00 through 10-20-02; Job Management Partner 1/Software Distribution Manager: from 09-00 through 09-51-13; Job Management Partner 1/Software Distribution Client: from 09-00 through 09-51-13.
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally.
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
NTLM Hash Disclosure Spoofing Vulnerability
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
Windows Compressed Folder Tampering Vulnerability
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can access or modify system files or other files that are critical to the application, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.