VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an array indexing error when processing RealTimeData records in an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
b0394ee0714f4a34f6b77d22e6092fa129ef3339828fc4d78a16e527c76d1e80
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by an array indexing error in the "dirapi.dll" component when processing malformed data within the "rcsL" record, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
ebae7c8e4b3e98c31ecdf30a8b7435873c1dc320927f43e66e6c37e4eda6e5ea
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by a buffer overflow error when processing a malformed ActionScript FileReference method, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
86c6eebd998ef19a66f897c458792f0e8d3b83f1a7b9d3f16cfdd6960d84e4ef
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer underflow error in the Object Linking and Embedding (OLE) Automation component when processing malformed Windows Metafile (WMF) data via the "_PictLoadMetaFileRaw()" function, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
0bcbe6ddf0f6d9f9565bd58d17901ffc57ad45dde4e3569f63328534b3f27176
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer overflow error in the Color Management Module (CMM) when processing a malformed "scrn" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
bd2b206e8cc01411d077ffd71f0fafae0c987444464bb20fda99e30bd818b823
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer overflow error in the Color Management Module (CMM) when processing a malformed "pseq" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
678973558fee6d7c54c5b90eec131c79bd3a0357dbfa4eb1520a4ec67f37cad6
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer overflow error in the Color Management Module (CMM) when processing a malformed "ncl2" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
e8f488754f08480d5e40ca95b2864ba0737678e88ade054dfd206889f6e07072
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer overflow error in the Color Management Module (CMM) when processing a malformed "mluc" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
672490db1b7e734d96fdac53de3b57b95abfd9ee95d4201e9143bb6ef215fe8b
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer truncation error in the Color Management Module (CMM) when processing a malformed "bfd" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
cf0e788d1c843e3352da1703694e7f2744be0104b724b21b9d4cf89d96e5290a
VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by an integer overflow error in the Color Management Module (CMM) when processing a malformed "clrt" tag within an ICC profile, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
b9624b37a2d319db443cfde21d7b096739c7f479b3a17eae304af656f677d623
VUPEN Vulnerability Research Team discovered a critical vulnerability in 7T Interactive Graphical SCADA System (IGSS). The vulnerability is caused by a memory corruption error in the Open Database Connectivity (ODBC) component when processing packets sent to port 20222/TCP, which could result in an invalid structure being used, leading to an exploitable condition. Versions prior to 9.0.0.11143 are affected.
6e3832447425985a6f696ebb91be8820ba8801500741d4b2775eba9c6ee8f8c7
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when processing certain text nodes, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
68273b636979cb1468a8090e5e58828a83e73978c0b22c05b24a4b9d3b8c295a
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
4f3f32b3d21c7c657379213dbce2194f42ee815379440a6a45b032df836b15a9
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a stack overwrite error when parsing the RTD RealTimeData record (0813h), which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted Excel document.
eb83b04f992840bb6eff2e981e45c08f92921571c592f54407896f0ebe817d1c
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CObjectElement::OnPropertyChange()" function within the MSHTML library when handling objects, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6, 7, and 8 are affected.
59606c9acd8d8332ddbbdbeff4cd06911f15ac789a3a6ee075f3c52dff906ea9
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CSpliceTreeEngine::InsertSplice()" function within the MSHTML library when handling layouts, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 6 and 7 are affected.
b8d96323c4a211ae41bedf90189a3872ffab299ee06c72ee8c21def85c12f670
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the GDI+ library when parsing certain values within a EMF image file, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
e9d976818013ca305eba57812572521d3237061c36f4c3f3f638dc81c1690983
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office. The vulnerability is caused by an integer overflow error in the MSO component when parsing certain values within an Office document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a malformed Office file (e.g. Word). Microsoft Office XP Service Pack 3 is affected.
2d2ef1ad1bdc1ee43e992f908da55b1ea19d51d2bcabcf4e211f64a913e1e003
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by an integer overflow error in the WebKit library when handling block dimensions, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
9ea8e14eaede3a9009c52340df2c57af7b693d761077f23322ac3fb77375bf67
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when handling certain scroll events, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
3eac3c011875096426021de4ca49199e1fcbfae351d58fd4ff58b13456d57a6c
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when handling certain iframe events, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
80e96a9a3ad610f44e28f2afac84eacff444a571e1cc7649b9d31addcf586567
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a buffer overflow error in the Windows Shell graphics processor when parsing the "biCompression" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
e45dd38c15740c3e6e5ddc9d40c8fcbd4f3bb920137a89049bbe72c5ba971917
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "height" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
9a72023ae91a8044eca541def5bf1939d6dd53c305c5ed8be72523cab22c8350
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "width" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
424e76ac6176134b9620fc780ea75da7e66aee6adb5388e91cf75fdc7beeb515
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a dangling pointer in the "mshtml.dll" library when handling certain object manipulations, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Internet Explorer versions 6, 7, and 8 are affected.
3ec085c704a69847706bc827f9318c129f1ec314e1cffd5e14399f41cbc973f2
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.
a14685bc6080babb1b766400a94d5de2768c47bc73bcd035cb57c90a363fe819