Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0974 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975. | |||||
| CVE-2018-0975 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974. | |||||
| CVE-2018-0981 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000. | |||||
| CVE-2018-0987 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000. | |||||
| CVE-2018-0989 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000. | |||||
| CVE-2018-0998 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. | |||||
| CVE-2018-1000 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2020-08-24 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989. | |||||
| CVE-2018-1000015 | 1 Jenkins | 1 Pipeline Nodes And Processes | 2020-08-24 | 4.9 MEDIUM | 4.8 MEDIUM |
| On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier. | |||||
| CVE-2018-1000119 | 1 Sinatrarb | 1 Rack-protection | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. | |||||
| CVE-2018-1000149 | 1 Jenkins | 1 Ansible | 2020-08-24 | 6.8 MEDIUM | 5.6 MEDIUM |
| A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default. | |||||
| CVE-2018-1000159 | 1 Tlslite-ng Project | 1 Tlslite-ng | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8. | |||||
| CVE-2018-1000199 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | |||||
| CVE-2018-1000419 | 1 Atlassian | 1 Hipchat | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | |||||
| CVE-2018-1000880 | 4 Canonical, Fedoraproject, Libarchive and 1 more | 4 Ubuntu Linux, Fedora, Libarchive and 1 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. | |||||
| CVE-2018-1007 | 1 Microsoft | 1 Office | 2020-08-24 | 2.6 LOW | 5.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950. | |||||
| CVE-2018-1021 | 1 Microsoft | 1 Edge | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. | |||||
| CVE-2018-1025 | 1 Microsoft | 2 Edge, Internet Explorer | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2018-10803 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | |||||
| CVE-2018-10806 | 1 Frogcms Project | 1 Frogcms | 2020-08-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | |||||
| CVE-2018-10946 | 1 Polycom | 2 Realpresence Debut, Realpresence Debut Firmware | 2020-08-24 | 2.7 LOW | 6.8 MEDIUM |
| An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. | |||||
| CVE-2018-10949 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | |||||
| CVE-2018-10998 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. | |||||
| CVE-2018-11002 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2020-08-24 | 5.8 MEDIUM | 5.5 MEDIUM |
| Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. | |||||
| CVE-2018-11076 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
| Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. | |||||
| CVE-2018-11087 | 1 Pivotal Software | 2 Rabbitmq, Spring Advanced Message Queuing Protocol | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | |||||
| CVE-2018-11383 | 1 Radare | 1 Radare2 | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in the CPSE handler in libr/anal/p/anal_avr.c. | |||||
| CVE-2018-11507 | 1 Flif | 1 Flif | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | |||||
| CVE-2018-11563 | 1 Otrs | 1 Otrs | 2020-08-24 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. | |||||
| CVE-2018-1158 | 1 Mikrotik | 1 Routeros | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. | |||||
| CVE-2018-11820 | 1 Qualcomm | 92 Ipq8074, Ipq8074 Firmware, Mdm9150 and 89 more | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
| CVE-2018-11976 | 1 Qualcomm | 92 Ipq8074, Ipq8074 Firmware, Mdm9150 and 89 more | 2020-08-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-12011 | 1 Google | 1 Android | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure. | |||||
| CVE-2018-12038 | 1 Samsung | 2 840 Evo, 840 Evo Firmware | 2020-08-24 | 1.9 LOW | 4.2 MEDIUM |
| An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. | |||||
| CVE-2018-12147 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2020-08-24 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | |||||
| CVE-2018-12160 | 1 Intel | 1 Data Migration Software | 2020-08-24 | 4.6 MEDIUM | 5.3 MEDIUM |
| DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. | |||||
| CVE-2018-12181 | 1 Tianocore | 1 Edk Ii | 2020-08-24 | 3.6 LOW | 6.0 MEDIUM |
| Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | |||||
| CVE-2018-1219 | 1 Emc | 1 Rsa Archer | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. A remote authenticated malicious user can potentially exploit this vulnerability to gather information about the user base and may use this information in subsequent attacks. | |||||
| CVE-2018-12244 | 1 Symantec | 1 Endpoint Protection | 2020-08-24 | 6.8 MEDIUM | 6.3 MEDIUM |
| SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | |||||
| CVE-2018-12261 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2020-08-24 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. | |||||
| CVE-2018-12357 | 1 Arista | 1 Cloudvision Portal | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | |||||
| CVE-2018-12384 | 1 Mozilla | 1 Network Security Services | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. | |||||
| CVE-2018-12403 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | |||||
| CVE-2018-1242 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read. | |||||
| CVE-2018-4921 | 1 Adobe | 1 Connect | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-4926 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5168 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
| CVE-2018-5172 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5201 | 1 Hancom | 4 Hancom Office 2010, Hancom Office 2014, Hancom Office 2018 and 1 more | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions. | |||||
| CVE-2018-5235 | 1 Symantec | 1 Norton Utilities | 2020-08-24 | 4.4 MEDIUM | 6.0 MEDIUM |
| Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. | |||||