A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the image conversion engine, related to parsing of EXIF metadata. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file.

A heap-based buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to improper handling of biClrUsed field in a BMP file. A remote attacker could exploit these vulnerabilities by enticing the user to visit a maliciously crafted web-page or open a maliciously crafted file. Successful exploitation would allow the attacker to execute arbitrary code in the context of the user.

Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full compromise of the affected application.

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted TIFF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file.

A content injection vulnerability exists in WordPress REST API. A remote attacker may exploit this vulnerability by sending a malicious request to the server. Successful exploitation would allow an attacker to inject and change content.

A stack overflow vulnerability exists in Microsoft Windows. The vulnerability is due lack of sanity over Tree Connect response messages. Successful exploitation of this issue may allow attackers to execute arbitrary code.

Suspicious Mail containing archive attachment was observed as part of phishing campaigns. A remote attacker could send spam e-mails including those files. This would allow the malicious code to run and infect the target system.

A misleading popup window, disguising as a Chrome error message, is used to trick a user into installing malware, leading to loss of data, or allowing the attacker to run arbitrary code on the infected machine.

A remote code execution vulnerability exists in Cisco WebEx Meetings Server and WebEx Meetings Center browser extensions. The vulnerability is due to a design weakness in the API response parser within the extensions.A remote unauthenticated attacker could exploit this vulnerability by enticing a user open a maliciously crafted web page or link.

A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause named service to exit with an assertion failure while processing a crafted DNS response packet. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to denial-of-service condition.