Vulnerability & Exploit Database

Displaying entries 221 - 230 of 140591 in total

Microsoft CVE-2018-8599: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: December 11, 2018

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The sec...

Microsoft CVE-2018-8598: Microsoft Excel Information Disclosure Vulnerability Vulnerability

  • Severity: 3
  • Published: December 11, 2018

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to o...

Microsoft CVE-2018-8597: Microsoft Excel Remote Code Execution Vulnerability Vulnerability

  • Severity: 9
  • Published: December 11, 2018

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could ta...

Microsoft CVE-2018-8596: Windows GDI Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: December 11, 2018

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincin...

Microsoft CVE-2018-8595: Windows GDI Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: December 11, 2018

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincin...

Microsoft CVE-2018-8587: Microsoft Outlook Remote Code Execution Vulnerability Vulnerability

  • Severity: 9
  • Published: December 11, 2018

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf ...

Microsoft CVE-2018-8583: Chakra Scripting Engine Memory Corruption Vulnerability Vulnerability

  • Severity: 8
  • Published: December 11, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain th...

Microsoft CVE-2018-8580: Microsoft SharePoint Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: December 11, 2018

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, thro...

Microsoft CVE-2018-8540: .NET Framework Remote Code Injection Vulnerability Vulnerability

  • Severity: 10
  • Published: December 11, 2018

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users who...

Microsoft CVE-2018-8517: .NET Framework Denial Of Service Vulnerability Vulnerability

  • Severity: 5
  • Published: December 11, 2018

A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker c...