Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka “Microsoft Office Denial of Service Vulnerability.”
Monthly Archives: November 2016
CVE-2016-7245 (office)
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.”
CVE-2016-7246 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016)
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”
Malicious Spam Levels Hit Two Year High – BetaNews
BetaNews, November 10, 2016
Microsoft Internet Explorer 9 / 10 / 11 PROPERTYDESC::HandleStyleComponentProperty Out-Of-Bounds
Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.
Nero 7.10.1.0 Privilege Escalation
Nero version 7.10.1.0 suffers from an unquoted service path privilege escalation vulnerability.