[CLOSE] OSVDB ID : 92130 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains an unspecified flaw in win32k.sys that leads to unauthorized privileges being gained. The issue is due to a race condition that is triggered during the handling of memory objects. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92131 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains a flaw in win32k.sys that may allow a denial of service. The issue is triggered during the handling of a specially crafted font file. This may allow a context-dependent attacker to crash the system.

[CLOSE] OSVDB ID : 92132 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains an unspecified flaw in win32k.sys that leads to unauthorized privileges being gained. The issue is due to a race condition that is triggered during the handling of memory objects. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92133 - Disclosed: 2013-04-09

Description:

Microsoft Windows contains a flaw that leads to unauthorized privileges being gained. The issue is due to the NTFS kernel-mode driver failing to properly handle objects in memory. This may allow a physically present attacker to cause a NULL pointer dereference, which will allow them to gain elevated privileges.

[CLOSE] OSVDB ID : 92120 - Disclosed: 2013-04-09

Description:

Microsoft IE contains an unspecified use-after-free error. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92121 - Disclosed: 2013-04-09

Description:

Microsoft IE contains an unspecified use-after-free error. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 92122 - Disclosed: 2013-04-09

Description:

Microsoft Windows Remote Desktop Client contains a use-after-free error in the mstscax.dll ActiveX component, when manipulating TransportSettings or AdvancedSettings. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 91155 - Disclosed: 2013-03-12

Description:

Microsoft Windows contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when an error occurs in the USB RNDIS driver during the handling of unspecified memory objects supplied by a USB device. This may allow a physically present attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 91156 - Disclosed: 2013-03-12

Description:

Microsoft Windows contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when an error occurs in the USB RNDIS driver during the handling of unspecified memory objects supplied by a USB device. This may allow a physically present attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 91157 - Disclosed: 2013-03-12

Description:

Microsoft Windows contains a flaw that leads to unauthorized privileges being gained. The issue is triggered when an error occurs in the USB RNDIS driver during the handling of unspecified memory objects supplied by a USB device. This may allow a physically present attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 91152 - Disclosed: 2013-03-12

Description:

Microsoft SharePoint contains an unspecified overflow condition that is triggered as user-supplied input is not properly validated. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service. No further details have been released by the vendor.

[CLOSE] OSVDB ID : 91138 - Disclosed: 2013-03-12

Description:

Microsoft IE contains a use-after-free error related to OnResize and OnMove, in the CElement::EnsureRecalcNotify() function, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91139 - Disclosed: 2013-03-12

Description:

Microsoft IE contains a use-after-free error related to the handling of elements related to saveHistory and the onload event handler, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 91140 - Disclosed: 2013-03-12

Description:

Microsoft IE contains a use-after-free error related to the handling of elements in CMarkupBehaviorContext objects, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 91141 - Disclosed: 2013-03-12

Description:

Microsoft IE contains an unspecified use-after-free error related to CCaret, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91142 - Disclosed: 2013-03-12

Description:

Microsoft IE contains an unspecified use-after-free error related to CElement, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91143 - Disclosed: 2013-03-12

Description:

Microsoft IE contains an unspecified use-after-free error related to GetMarkupPtr and the execCommand Print event, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor or researcher.

[CLOSE] OSVDB ID : 91144 - Disclosed: 2013-03-12

Description:

Microsoft IE contains a use-after-free error related to onBeforeCopy and execCommand selectAll event handling, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 91145 - Disclosed: 2013-03-12

Description:

Microsoft IE contains an unspecified use-after-free error related to removeChild and the handling of CHtmlComponentProperty objects, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91146 - Disclosed: 2013-03-12

Description:

Microsoft IE contains an unspecified use-after-free error related to CTreeNode, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91147 - Disclosed: 2013-03-12

Description:

Microsoft Silverlight contains an unspecified flaw that is triggered during the handling of a specially crafted Silverlight application, which will result in a "double dereference" error. This may allow a context-dependent attacker to execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91148 - Disclosed: 2013-03-12

Description:

Microsoft Visio Viewer contains an an unspecified flaw related to "tree object type confusion" that is triggered during the handling of a specially crafted Visio file. This may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91149 - Disclosed: 2013-03-12

Description:

Microsoft SharePoint contains an unspecified flaw in the Callback function that leads to unauthorized privileges being gained. The issue is triggered when handling a specially crafted URL and may allow a context-dependent attacker to gain elevated privileges after obtaining unauthorized access to potentially sensitive information.

[CLOSE] OSVDB ID : 91153 - Disclosed: 2013-03-12

Description:

Microsoft OneNote contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when allocating memory when validating buffer sizes during the handling of a specially crafted ONE file. This may allow a context-dependent attacker to gain access to potentially sensitive information.

[CLOSE] OSVDB ID : 91150 - Disclosed: 2013-03-12

Description:

Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 91151 - Disclosed: 2013-03-12

Description:

Microsoft SharePoint contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow a remote attacker to escalate their privileges after obtaining sensitive information.

[CLOSE] OSVDB ID : 91154 - Disclosed: 2013-03-12

Description:

Microsoft Office for Mac contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when loading unspecified content tags in an HTML5 email message. This may allow a context-dependent attacker to learn that "the targeted email account is valid and that the specially crafted email has been read".

[CLOSE] OSVDB ID : 91197 - Disclosed: 2013-03-06

Description:

Microsoft Internet Explroer contains an unspecified flaw that may allow a context-dependent attacker to potentially execute arbitrary code. No further details have been provided by the researcher.

[CLOSE] OSVDB ID : 90133 - Disclosed: 2013-02-13

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90137 - Disclosed: 2013-02-13

Description:

Microsoft Windows contains a TOCTOU (Time-Of-Check, Time-Of-Use) race condition in the 'SfnINOUTSTYLECHANGE' function in the Windows kernel-mode driver, win32k.sys, as it fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90132 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90134 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90135 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90136 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90138 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90139 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90140 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90141 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90142 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 90143 - Disclosed: 2013-02-12

Description:

Microsoft Windows contains a race condition that leads to unauthorized privileges being gained. The issue is triggered when the Windows kernel-mode driver, win32k.sys, fails to properly handle objects in memory. This may allow a local attacker to gain elevated privileges.