Vulnerability & Exploit Database

Displaying entries 71 - 80 of 132592 in total

Microsoft CVE-2018-8113: Internet Explorer Security Feature Bypass Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the securit...

Microsoft CVE-2018-8111: Microsoft Edge Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the...

Microsoft CVE-2018-8110: Microsoft Edge Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the...

Microsoft CVE-2018-1040: Windows Code Integrity Module Denial of Service Vulnerability Vulnerability

  • Severity: 5
  • Published: June 12, 2018

A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the de...

Microsoft CVE-2018-1036: NTFS Elevation of Privilege Vulnerability Vulnerability

  • Severity: 7
  • Published: June 12, 2018

An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the ...

Microsoft CVE-2018-0982: Windows Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could ru...

Microsoft CVE-2018-0978: Internet Explorer Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the c...

Microsoft CVE-2018-0871: Microsoft Edge Information Disclosure Vulnerability Vulnerability

  • Severity: 4
  • Published: June 12, 2018

An information disclosure vulnerability exists when Edge improperly marks files. An attacker who successfully exploited this vulnerability could exfiltrate file contents from disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by properly mark...

Microsoft ADV180015: Microsoft Office Defense in Depth Update Vulnerability

  • Severity: 4
  • Published: June 12, 2018
Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure. This update improves the memory handling of Office applications that render Office Art.

OpenSSL Client DoS due to large DH parameter (CVE-2018-0732) Vulnerability

  • Severity: 4
  • Published: June 12, 2018

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Servi...