A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer.
Category Archives: Checkpoint
Checkpoint
Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)
A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
WordPress FancyBox Plugin Code Injection
A code injection vulnerability has been reported in WordPress FancyBox Plugin. A remote attacker could inject arbitrary code into the FancyBox Plugin code via crafted parameters.
Microsoft Word OneTableDocumentStream Remote Code Execution (MS15-012; CVE-2015-0065)
A remote code execution vulnerability has been reported in Microsoft Word. The vulnerability is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing a user to open a specially crafted document with an affected version of Microsoft Word.
Samsung SmartViewer CNC_Ctrl ActiveX Control Buffer Overflow (CVE-2014-9265; CVE-2012-4333)
A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNC_Ctrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to visit a malicious web page.
Adobe Flash Player Memory Leakage (APSB14-18: CVE-2014-0540)
A memory leakage vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Adobe Flash Player Use After Free Code Execution (APSB14-18; CVE-2014-0538)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file.
Jenkins Groovy Script Console Remote Code Execution
A Code Execution vulnerability has been reported in the Jenkins Groovy Script Console. The vulnerability is due to an insecure script execution on the Jenkins console. A remote attacker could trigger this flaw by sending a crafted HTTP request to the vulnerable system.
WordPress MailPoet Newsletters Unauthenticated File Upload
An arbitrary file upload vulnerability exists in the WordPress plug-in MailPoet Newsletters. The vulnerability is due to lack of access control validation. A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted request to the server.
HP Intelligent Management Center BIMS UploadServlet Information Disclosure (CVE-2014-2618)
An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests to the target system, a remote unauthenticated attacker can leverage this vulnerability to view the contents of arbitrary files on a target system.