Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774.
Windows OLE Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Skype for Consumer Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Windows Kerberos Security Feature Bypass Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL.
A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution.
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Microsoft Project Remote Code Execution Vulnerability
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832)
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability