Remote Code Execution in Microsoft Office Products for Windows

Posted on May 30, 2022 in End-User Applications

A remote code execution vulnerability, dubbed 'Follina', has been found in Microsoft Office via Microsoft Support Diagnostic Tool (MSDT). This issue can be exploited in the default configuration on Windows, and only requires the user be tricked into downloading a malicious file. There is no patch. This issue has been assigned a bug alert severity of 'high'.

Continue reading

Advanced warning: possible remote code execution (RCE) in Spring, an extremely popular Java framework

Posted on March 29, 2022 in Software Frameworks, Libraries, and Components

An unconfirmed, but possible, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of 'critical'. While unconfirmed, the severity has been assigned 'high'.

Continue reading