[CLOSE] OSVDB ID : 93291 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93289 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified flaw that may allow a context-dependent attacker to gain access to potentially sensitive information stored in JSON data files. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93290 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93292 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93293 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93294 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93295 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93296 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93297 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93298 - Disclosed: 2013-05-14

Description:

Microsoft IE contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93306 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of a corrupt interface pointer in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93307 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of a return value in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93308 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains an overflow condition that is triggered as user-supplied input is not properly validated during the handling of a specially crafted PUB file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93309 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the validation of a return value in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93310 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of an invalid range check in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93311 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of an incorrect NULL value in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93312 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of a signed integer in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93313 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of a pointer in a specially crafted PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93314 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains an underflow condition that is triggered as user-supplied input is not properly validated during the handling of a specially crafted PUB file. This may allow a context-dependent attacker to cause a buffer underflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 93317 - Disclosed: 2013-05-14

Description:

Microsoft Windows Essentials contains a flaw in Windows Writer that is triggered during the handling of a specially crafted URL. This may allow a context-dependent attacker to gain access to potentially sensitive information or overwrite arbitrary files.

[CLOSE] OSVDB ID : 93320 - Disclosed: 2013-05-14

Description:

Microsoft Windows contains a flaw in win32k.sys that leads to unauthorized privileges being gained. The issue is triggered during the handling of a memory object. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 93318 - Disclosed: 2013-05-14

Description:

Microsoft Windows contains a flaw in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys) that leads to unauthorized privileges being gained. The issue is triggered during the handling of a memory object. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 93300 - Disclosed: 2013-05-14

Description:

Microsoft Windows contains a flaw in the HTTP Protocol Stack (HTTP.sys) that may allow a remote denial of service. The issue is triggered during the handling of a specially crafted HTTP header, which may allow a remote attacker to cause an infinite loop and crash the process.

[CLOSE] OSVDB ID : 93301 - Disclosed: 2013-05-14

Description:

Microsoft .NET Framework contains a spoofing weakness that is due to the program failing to properly validate XML file signatures. This may allow a remote attacker to change the contents of an XML file without invalidating the signature.

[CLOSE] OSVDB ID : 93302 - Disclosed: 2013-05-14

Description:

Microsoft .NET Framework contains a flaw that is due to program improperly creating authentication policy requirements during custom WCF endpoint authentication setup. This may allow a remote attacker to bypass authentication and gain access to certain endpoint functions, which will allow the attacker to more easily gain access to sensitive information or perform actions as an authenticated user.

[CLOSE] OSVDB ID : 93303 - Disclosed: 2013-05-14

Description:

Microsoft Lync contains an unspecified use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 93304 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains a flaw that is triggered during the handling of negative value allocation in a PUB file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93305 - Disclosed: 2013-05-14

Description:

Microsoft Office Publisher contains an integer overflow condition that is triggered as user-supplied input is not properly validated during the handling of a specially craft PUB file. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 93315 - Disclosed: 2013-05-14

Description:

Microsoft Office Word contains a flaw that is triggered during the handling of shape data within a specially crafted DOC file. This may allow a context-dependent attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 93316 - Disclosed: 2013-05-14

Description:

Microsoft Visio contains an XXE (Xml eXternal Entity) injection flaw that is triggered during the parsing of XML data. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data in a Visio file, a context-dependent attacker can gain access to arbitrary files.

[CLOSE] OSVDB ID : 93319 - Disclosed: 2013-05-14

Description:

Microsoft Windows contains an overflow condition in win32k.sys. The issue is triggered as user-supplied input is not properly validated during the handling of a memory object. This may allow a local attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 92993 - Disclosed: 2013-05-03

Description:

Microsoft Internet Explorer (IE) contains a use-after-free error. The issue is triggered when handling CGenericElement objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 92913 - Disclosed: 2013-04-24

Description:

Microsoft IE contains an unspecified use-after-free error. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92128 - Disclosed: 2013-04-09

Description:

Microsoft Antimalware Client contains a flaw that leads to unauthorized privileges being gained. The issue is triggered during the handling of improper pathnames. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 92124 - Disclosed: 2013-04-09

Description:

Microsoft Windows Kernel contains an unspecified flaw that leads to unauthorized privileges being gained. The issue is due to a race condition that occurs during the handling of memory objects. This may allow a local attacker to gain access to elevated privileges. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92125 - Disclosed: 2013-04-09

Description:

Microsoft Windows Kernel contains an unspecified flaw that leads to unauthorized privileges being gained. The issue is due to a race condition that occurs during the handling of memory objects. This may allow a local attacker to gain access to elevated privileges. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92129 - Disclosed: 2013-04-09

Description:

Microsoft Office contains a flaw that allows a reflected cross-site scripting (XSS) attack in the HTML sanitization component. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 92123 - Disclosed: 2013-04-09

Description:

Microsoft SharePoint Server contains a flaw that may lead to unauthorized disclosure of sensitive information. The issue is due to the program failing to properly enforce access controls on unspecified SharePoint lists. This may allow a remote authenticated attacker to gain access to potentially sensitive information.

[CLOSE] OSVDB ID : 92126 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains a flaw in Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services that may allow a remote denial of service. The issue is due to the LDAP service failing to properly handle a specially crafted query. This may allow an authenticated remote attacker to cause a consumption of memory resources, which will cause the service to stop responding.

[CLOSE] OSVDB ID : 92127 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains an unspecified memory corruption flaw in the Client/Server Run-time Subsystem (CSRSS). The issue is triggered as user-supplied input is not properly sanitized when handling memory objects. This may allow a local attacker to corrupt memory and gain elevated privileges.