This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Yearly Archives: 2023
ZDI-23-372: Microsoft 3D Builder GLB File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-373: Microsoft Print 3D WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Print 3D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-374: Microsoft 3D Builder WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-375: Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-376: Microsoft Excel SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-377: TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-378: Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability.
ZDI-23-342: ICONICS GENESIS64 PKGX File Parsing Directory Traversal Remote Code Execution Vulnerability
The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-343: ICONICS GENESIS64 PKGX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.