#auth

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

'.../...//' in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit this vulnerability by crafting a malicious RTF file. If a user opens the file or it is rendered in the preview pane, the attacker could execute arbitrary code in the user's context.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.