Articles tagged microsoft

2019-01-14 05:01:55
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VCard files. Crafted data in a VCard file can cause Windows to display a dangerous hyperlink. The user interface fails to provide any indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current user.
2018-04-23 10:36:08
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
2017-11-24 11:09:19
A simple PoC for CVE-2017-11882. This exploit triggers WebClient service to start and execute remote file from attacker-controlled WebDav server. The reason why this approach might be handy is a limitation of executed command length. However with help of WebDav it is possible to launch arbitrary attacker-controlled executable on vulnerable machine. This script creates simple document with several OLE objects. These objects exploits CVE-2017-11882, which results in sequential command execution.
2010-09-28 14:49:16
Microsoft made available today a patch for the recently discovered hole in their ASP.NET framework.
2010-09-27 16:49:01
Researchers detailed last week at ekoparty Security Conference their findings on a flaw in Microsoft's popular framework.
2010-09-07 15:45:56
First reported in December 2009, the bug has been fixed on all major browsers but Microsoft's.
2010-07-16 15:42:51
The malware spreads through removable drives even if AutoPlay is disabled, installs rootkit on the computer.
2010-06-11 12:23:26
Internet Explorer and Windows Media Player contribute to making Windows XP's Help and Support Center vulnerable to remote attacks.
2010-05-19 11:30:03
Microsoft has released a security advisory concerning a bug related to the Aero desktop theme on Windows 7 and Windows Server 2008.
2010-03-30 16:29:35
Two weeks before Patch Tuesday, Microsoft rushes out a patch for Internet Explorer, even though IE8 already includes workarounds to the addressed vulnerability.