Skip to content
At the time of publication the product was no longer supported by the vendor. The vulnerability exists due to use-after-free error when processing .swf files. The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error within the ws2ifsl.sys (Winsock). vulnerable plugin. The vulnerability allows a remote attacker to compromise vulnerable system. A remote attacker can create a specially crafted icon file, trick the victim into clicking on it and execute arbitrary code on the target system with privileges of the current user. The vulnerability was reported to vendor - 2014-02-04.Wen Guanxing of Venustech, The Google Security Team and FireEye were working at the vulnerability.A zero-day exploit hosted on a breached website based in the U.S Military. Note: this vulnerability is being actively exploited. Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system. Note: the vulnerability was being actively exploited. Note: the vulnerability was being actively exploited. The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability allows a remote user to execute arbitrary code on the target system. A
The vulnerability exists in diskutil tool within DiskManagement framework when handling BOM files. Note: this vulnerability is being actively exploited. Successful exploitation of the vulnerability may result in full control of the vulnerable system. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.Note, this vulnerability is being actively exploited in the wild. Two affected scripts are believed to be used by two different attack groups to eavesdrop on FTP and email traffic inside corporate networks. Fully functional exploit code was made publicly available on August 2, 2011. It took several days for the developers to issue a proper security patch.Joxean Koret discovered this vulnerability in 2008 and publicly disclosed in 2012.Researchers based in Asia noticed these malicious documents in Japan and Taiwan before they started showing up/targeting USA companies.The vulnerability may be tied to the DarkLeech attack campaign.The vulnerability was used to target Webmail accounts.Raphael Noailles discovered and reported this issue.This 0-day vulnerability was discovered by Lockheed Martin’s Computer Incident Response Team and was found that it is part of a targeted attack. Note: the vulnerability was being actively exploited.According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-19. Note: this vulnerability is being actively exploited. The vulnerability has been exploited from November 2012 till August 2013.We are aware of in the wild exploitation of this vulnerability before official patch release.The weakness was disclosed 08/01/2013 by Jens Hinrichsen. Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system. Note: this vulnerability is being actively exploited. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability exists due to a boundary error when processing mailbox names in the EXAMINE IMAP command. The vulnerability is caused by boundary error when processing malformed function in Word files. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges. A remote attacker can create a specially crafted .lzh file, trick the victim into opening it, cause stack-based buffer overflow and execute arbitrary code with privileges of the current user. According to CERT, this vulnerability has been actively exploited in the wild before official patch release. Successful exploitation of this vulnerability may result in full compromise of affected system.
The vulnerability exists due to a boundary error within the scripting engine. Note: the vulnerability was being actively exploited.Exploit kits: Angler, Neutrino, Nuclear Pack and RIG
traded ERC20 token listed in a top exchange. Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system. The weakness exists due to a logical bug is revealed when embedding a video via the 'online video' feature. The exploits are believed to be stolen from the NSA.The vulnerability was used by Zirconium cyber-espionage group against older versions of Windows. The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system. The code will be executed in victim’s browser in context of vulnerable website every time the victim visits vulnerable interface. Security experts for FireEye linked the vulnerability to the hacking group TEMP.Reaper. The vulnerability allows a remote attacker to execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system. Note: this vulnerability is being actively exploited.
Note: the vulnerability was being actively exploited. The vulnerability exists due to boundary error when parsing CSS styles. A remote attacker can create a specially crafted document, trick the victim into opening it, cause buffer overflow and execute arbitrary code on vulnerable system. The vulnerability was revealed after The Shadow Brokers hacking group published documents stolen from Equation Group in 2013. Note: the vulnerability is being actively exploited in the wild.