Category Archives: Advisories

ZDI-22-1665: Trend Micro Apex One Damage Cleanup Engine Link Following Local Privilege Escalation Vulnerability

December 15, 2022

Read Time:12 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-1674: Microsoft Office Visio DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

December 15, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1673: Microsoft Office Visio DWG File Parsing Memory Corruption Remote Code Execution Vulnerability

December 15, 2022

Read Time:12 Second

Advisories

ZDI-22-1672: Microsoft Office Visio DWG File Parsing Use-After-Free Information Disclosure Vulnerability

December 15, 2022

Read Time:12 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1671: Microsoft Office Visio DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

December 15, 2022

Read Time:12 Second

Advisories

ZDI-22-1670: Microsoft Office Visio DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

December 15, 2022

Read Time:12 Second

Advisories

ZDI-22-1669: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

December 15, 2022

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-1668: Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

December 15, 2022

Read Time:11 Second

Advisories

ZDI-22-1667: Microsoft Office Visio DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

December 15, 2022

Read Time:12 Second

Advisories

CVE-2020-4497

December 14, 2022

Read Time:15 Second

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

News, Advisories and much more

Exit mobile version