A cross-site scripting vulnerability have been reported in Internet Explorer 9. The vulnerability is due to insufficient input validation while processing malformed request. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web-page and run an arbitrary code on the security context of the target.

A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send crafted handshake messages to cause memory leaks, exhaust system memory and create a denial of service condition on an application using the vulnerable library.

A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability is due to the way Group Policy settings are applied when SMB signing failures occur. An attacker can exploit this vulnerability by a man-in-the-middle attack that modifies domain controller responses to client requests.

A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNC_Ctrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to visit a malicious web page.

A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted document with an affected version of Microsoft Word.

A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters.

A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly handles uninitialized memory when parsing specially crafted TIFF files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted TIFF file.