A remote code execution vulnerability exists when Skype for Business and Microsoft Lync Servers fail to properly sanitize specially crafted content.An authenticated attacker who successfully exploited this vulnerability could execute HTML and JavaScript content in the Skype for Business or Lync context. An attacker could use this vulnerability to open a web page using the default browser, open ano ...
A security feature bypass vulnerability exists when Microsoft Office Outlook improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince a user to open the document file and interact with the ...
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the users computer or data.To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location wher ...
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of this vulnerability requires that a user open a s ...
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current ...
The host is missing a critical security update according to Microsoft security bulletin, MS16-107. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle a specially crafted Microsoft Office file. Successful exploitation could allow to execute arbitrary code.
The host is installed with Microsoft Office 2013 SP1 or 2016 and is prone to an ASLR protection mechanism bypass vulnerability. A flaw is present in the applications, which fail to handle a crafted application. Successful exploitation could allow attackers to bypass the ASLR protection mechanism.
The host is installed with Microsoft Visio 2016 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle a crafted document. Successful exploitation could allow attackers to execute arbitrary code.