ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Mon Oct 16 21:51:42 2017 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-17-848: Microsoft Chakra asm.js ArrayBuffer Use-After-Free Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Pu8pq8_f_5s/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 11 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-848/

ZDI-17-847: Microsoft Office Excel xls File Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/GS_MCCcXu2I/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 11 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-847/

ZDI-17-846: Microsoft Windows DNSAPI NSEC3_RecordRead Heap-based Buffer Overflow Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/C9IG4z4Ax0Q/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-846/

ZDI-17-845: Microsoft Windows Submenu Use-After-Free Privilege Escalation Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/2enXaPrFCZQ/
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-845/

ZDI-17-844: Microsoft Chakra Array JIT Optimization Type Confusion Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/g9Js_7zjXcY/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-844/

ZDI-17-843: Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/3Th5p6wttWE/
This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-843/

ZDI-17-842: Microsoft Edge substringData Use-After-Free Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/OIe7_NRt6sM/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-842/

ZDI-17-841: Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/j2zRbaTcTvg/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-841/

ZDI-17-840: Microsoft Windows XLS File Buffer Overflow Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/rCcAZr2NvWw/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-840/

ZDI-17-839: Microsoft Windows XLS File Heap-based Buffer Overflow Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/5N5Gxdy4KzI/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 10 Oct 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-839/