Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2017-07-11 12:00:00 |
ZDI-17-475: Microsoft Windows JavaScript super Keyword Uninitialized Memory Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-471: (Pwn2Own) Microsoft Windows win32kfull CopyOutputString Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-480: Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-479: Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-476: (Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-472: (Pwn2Own) Microsoft Windows GDI Region Object Uninitialized Memory Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-473: (Pwn2Own) Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-478: Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-07-11 12:00:00 |
ZDI-17-474: (Pwn2Own) Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-07-10 12:00:00 |
ZDI-17-464: (Pwn2Own) Microsoft Chakra ArrayBuffer Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-07-10 12:00:00 |
ZDI-17-463: (Pwn2Own) Microsoft Windows basicrender WarpKMEscape Information Disclosure Vulnerability (lien direct) |
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-27 12:00:00 |
ZDI-17-450: (Pwn2Own) Microsoft Windows WarpKMSubmitCommandVirtual Uninitialized Memory Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-27 12:00:00 |
ZDI-17-451: (Pwn2Own) Microsoft Windows XPS Document Writer Uninitialized Memory Information Disclosure Vulnerability (lien direct) |
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-26 12:00:00 |
ZDI-17-447: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. |
|
|
|
|
2017-06-26 12:00:00 |
ZDI-17-446: Cisco Prime Collaboration Provisioning licensestatus Directory Traversal Arbitrary File Deletion Vulnerability (lien direct) |
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. |
|
|
|
|
2017-06-26 12:00:00 |
ZDI-17-445: Cisco Prime Collaboration Provisioning ScriptMgr Servlet Authentication Bypass Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. |
|
|
|
|
2017-06-26 12:00:00 |
ZDI-17-449: Cisco Prime Collaboration Provisioning Logs Directory Improper Access Control Information Disclosure Vulnerability (lien direct) |
This vulnerability allows disclose sensitive information on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. |
|
|
|
|
2017-06-26 12:00:00 |
ZDI-17-448: Cisco Prime Collaboration Provisioning logconfigtracer Directory Traversal Arbitrary File Deletion Vulnerability (lien direct) |
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Collaboration Provisioning. Authentication is not required to exploit this vulnerability. |
|
|
|
|
2017-06-23 12:00:00 |
ZDI-17-443: Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-23 12:00:00 |
ZDI-17-442: Cisco WebEx Network Recording Player ARF File CImageList Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-23 12:00:00 |
ZDI-17-444: Cisco WebEx Network Recording Player ARF File Memory Corruption Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-402: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-400: (Pwn2Own) Microsoft Windows TdxCreateTransportAddress Buffer Overflow Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-405: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-403: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-409: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-401: Microsoft Internet Explorer InsertRow Out-Of-Bounds Read Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-06-13 12:00:00 |
ZDI-17-404: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-05-30 12:00:00 |
ZDI-17-371: Microsoft Windows JavaScript Array Type Confusion Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-329: (Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-324: (Pwn2Own) Microsoft Edge ArrayBuffer Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-328: (Pwn2Own) Microsoft Edge AudioBuffer Use-After-Free Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-325: (Pwn2Own) Microsoft Windows Cursor Object Use-After-Free Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-323: Microsoft Internet Explorer Enhanced Protected Mode Sandbox Escape Vulnerability (lien direct) |
This vulnerability allows remote attackers to escape the Enhanced Protected Mode (EPM) sandbox on vulnerable installations of Microsoft Internet Explorer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-327: (Pwn2Own) Microsoft Chakra Array unshift Heap-based Buffer Overflow Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2017-05-10 12:00:00 |
ZDI-17-326: (Pwn2Own) Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-512: Microsoft Windows MSXML IDispatch Use-After-Free Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-511: Microsoft Edge CTreePos Type Confusion Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-509: Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-508: Microsoft Office Excel Art Data Memory Corruption Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-510: Microsoft Internet Explorer Add-on Installer Enhanced Protected Mode Sandbox Escape Vulnerability (lien direct) |
This vulnerability allows attackers to escape from the Enhanced Protected Mode sandbox on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-514: Microsoft Windows JavaScript map Method Heap-based Buffer Overflow Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-507: Microsoft Windows NtGdiQueryFonts Information Disclosure Vulnerability (lien direct) |
This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-09-16 12:00:00 |
ZDI-16-513: Microsoft Edge CSS white-space Property Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-08-09 12:00:00 |
ZDI-16-453: Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Access Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-08-09 12:00:00 |
ZDI-16-454: Microsoft Internet Explorer CAnchor Use-After-Free Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-06-22 12:00:00 |
ZDI-16-369: Microsoft Windows PDF Library AES Encryption Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-06-22 12:00:00 |
ZDI-16-372: (Pwn2Own) Microsoft Windows Diagnostics Hub Standard Collector Directory Traversal Privilege Escalation Vulnerability (lien direct) |
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Diagnostics Hub Standard Collector. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
|
|
|
2016-06-22 12:00:00 |
ZDI-16-371: Microsoft Edge CBaseScriptable PrivateQueryInterface Uninitialized Memory Remote Code Execution Vulnerability (lien direct) |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|
|
2016-06-22 12:00:00 |
ZDI-16-370: Microsoft Windows PDF Library JPEG2000 COD Out-Of-Bounds Read Information Disclosure Vulnerability (lien direct) |
This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
|
|