18 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios • https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf • CWE-426: Untrusted Search Path •

CVSS: 6.8EPSS: 15%CPEs: 7EXPL: 0

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes de utilizarla para calcular una dirección de llamada dinámica, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo PDB manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDB files. The issue lies in a failure to sanitize a value which is then used in the calculation of an address for a dynamic call. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://www.securityfocus.com/bid/67398 http://zerodayinitiative.com/advisories/ZDI-14-129 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 92%CPEs: 3EXPL: 1

Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el control "Report Viewer" de Microsoft Visual Studio 2005 SP1 y Report Viewer 2005 SP1 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de un parámetro en una fuente de datos. También conocido como "Vulnerabilidad XSS en el control Report Viewer". Microsoft Report Viewer controls suffer from a cross site scripting vulnerability. Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1 are affected. • https://www.exploit-db.com/exploits/36020 http://marc.info/?l=bugtraq&m=145326307707460&w=2 http://www.securityfocus.com/bid/49033 http://www.us-cert.gov/cas/techalerts/TA11-221A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a través de un fichero .disco (Web Service Discovery) manipulado, también conocido como "XML External Entities Resolution Vulnerability" • http://secunia.com/advisories/44912 http://www.securityfocus.com/bid/48196 http://www.securitytracker.com/id?1025646 http://www.securitytracker.com/id?1025647 http://www.securitytracker.com/id?1025648 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0

Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." Vulnerabilidad de ruta de búsqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecución de una aplicación MFC como AtlTraceTool8.exe (también conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto también se conoce como "MFC Insecure Library Loading Vulnerability". • http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://secunia.com/advisories/41212 http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list http://www.securityfocus.com/bid/42811 http://www.us-cert.gov/cas/techalerts/TA11-102A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457 https://portal.msrc&# • CWE-426: Untrusted Search Path •