Monthly Archives: December 2015
Microsoft Office / COM Object DLL Planting With Els.dll
It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.
dotCMS 3.2.4 CSRF / XSS / Open Redirect
dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
Red Hat Security Advisory 2015-2579-01
Red Hat Security Advisory 2015-2579-01 – Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
Microsoft Security Bulletin Summary For December, 2015
This bulletin summary lists twelve released Microsoft security bulletins for December, 2015.
Red Hat Security Advisory 2015-2578-01
Red Hat Security Advisory 2015-2578-01 – Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
ASP Dynamika 2.5 Cross Site Scripting
ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.
Microsoft Releases December 2015 Security Bulletin
Original release date: December 08, 2015
Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-124 through MS15-135 and apply the necessary updates.
RHBA-2015:2568-1: corosync bug fix update
Red Hat Enterprise Linux: Updated corosync packages that fix one bug are now available for Red Hat Enterprise Linux 7.
RHBA-2015:2567-1: libvirt bug fix update
Red Hat Enterprise Linux: Updated libvirt packages that fix several bugs are now available for Red Hat Enterprise Linux 7.