>> ARCHIVE: 2017-01

Microsoft power point allows users to insert objects of arbitrary file types. At presentation time these objects can be activated by mouse movement or clicking.

PageKit version 1.0.10 suffers from a password reset vulnerability.

Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, and 12.2.6 suffer from an unconstrained file download vulnerability.

Python version 2.x suffers from a buffer overflow in the DecodeAdpcmImaQT function in the ctypes module.

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

Oracle PeopleSoft HCM version 9.2 suffers from a cross site scripting vulnerability.

Oracle OpenJDK Runtime Environment build 1.8.0_112-b15 suffers from a java serialization denial of service vulnerability.

CUPS suffers from an incorrect whitelist that permits DNS rebinding attacks.

Cisco’s WebEx extension has a URL that allows for arbitrary remote command execution.

This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.