Windows | Core Security

The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.

This update adds support to control the FTP Server port number and socket timeout.

This update adds support for Windows 7 64-bit.

The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.

This update improves the reliability by handling scenarios where the attack cannot be performed.

Microsoft Windows Shell does not properly sanitize special characters in a URI, allowing the opening a dangerous files.

An attacker can leverage this vulnerability to execute code in the context of the current user.

An OS Command Injection Vulnerability was found in Apache Tika Server 1.11= Version =1.17. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request.

A Buffer Overflow exists when parsing .PDF files. The vulnerability is caused due to a boundary error when handling a crafted .PDF files.

A Buffer Overflow exists when parsing .mp3/wma files. The vulnerability is caused due to a boundary error when handling a crafted .mp3/wma files.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Subscribe to Windows

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum