Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-4131

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Dec, 2005 | 11:00
Updated At-07 Aug, 2024 | 23:31
Rejected At-
Credits

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Dec, 2005 | 11:00
Updated At:07 Aug, 2024 | 23:31
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
vdb-entry
x_refsource_XF
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
x_refsource_MISC
http://www.securityfocus.com/bid/15780
vdb-entry
x_refsource_BID
http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
x_refsource_MISC
http://securityreason.com/securityalert/584
third-party-advisory
x_refsource_SREASON
http://informationweek.com/story/showArticle.jhtml?articleID=174910198
x_refsource_MISC
http://www.vupen.com/english/advisories/2006/0950
vdb-entry
x_refsource_VUPEN
http://news.zdnet.com/2100-1009_22-5989078.html
x_refsource_MISC
http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
x_refsource_MISC
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
x_refsource_CONFIRM
http://securityreason.com/securityalert/591
third-party-advisory
x_refsource_SREASON
http://secunia.com/advisories/19238
third-party-advisory
x_refsource_SECUNIA
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
x_refsource_MISC
http://www.us-cert.gov/cas/techalerts/TA06-073A.html
third-party-advisory
x_refsource_CERT
http://secunia.com/advisories/19138
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/blog/?p=71
x_refsource_MISC
http://securitytracker.com/id?1015333
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/427635/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
x_refsource_MISC
http://securitytracker.com/id?1015766
vdb-entry
x_refsource_SECTRACK
http://www.kb.cert.org/vuls/id/642428
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/427698/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/news/11363
x_refsource_MISC
http://news.com.com/2061-10789_3-5988086.html
x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
vendor-advisory
x_refsource_MS
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/15780
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
Resource:
x_refsource_MISC
Hyperlink: http://securityreason.com/securityalert/584
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://informationweek.com/story/showArticle.jhtml?articleID=174910198
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2006/0950
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://news.zdnet.com/2100-1009_22-5989078.html
Resource:
x_refsource_MISC
Hyperlink: http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
Resource:
x_refsource_MISC
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://securityreason.com/securityalert/591
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://secunia.com/advisories/19238
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
Resource:
x_refsource_MISC
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://secunia.com/advisories/19138
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/blog/?p=71
Resource:
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1015333
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/archive/1/427635/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
Resource:
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1015766
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.kb.cert.org/vuls/id/642428
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/427698/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/news/11363
Resource:
x_refsource_MISC
Hyperlink: http://news.com.com/2061-10789_3-5988086.html
Resource:
x_refsource_MISC
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
Resource:
vendor-advisory
x_refsource_MS
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
vdb-entry
x_refsource_XF
x_transferred
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/15780
vdb-entry
x_refsource_BID
x_transferred
http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
x_refsource_MISC
x_transferred
http://securityreason.com/securityalert/584
third-party-advisory
x_refsource_SREASON
x_transferred
http://informationweek.com/story/showArticle.jhtml?articleID=174910198
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2006/0950
vdb-entry
x_refsource_VUPEN
x_transferred
http://news.zdnet.com/2100-1009_22-5989078.html
x_refsource_MISC
x_transferred
http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
x_refsource_MISC
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
x_refsource_CONFIRM
x_transferred
http://securityreason.com/securityalert/591
third-party-advisory
x_refsource_SREASON
x_transferred
http://secunia.com/advisories/19238
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
x_refsource_MISC
x_transferred
http://www.us-cert.gov/cas/techalerts/TA06-073A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://secunia.com/advisories/19138
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/blog/?p=71
x_refsource_MISC
x_transferred
http://securitytracker.com/id?1015333
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/archive/1/427635/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
x_refsource_MISC
x_transferred
http://securitytracker.com/id?1015766
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.kb.cert.org/vuls/id/642428
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/427698/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/news/11363
x_refsource_MISC
x_transferred
http://news.com.com/2061-10789_3-5988086.html
x_refsource_MISC
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/15780
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securityreason.com/securityalert/584
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://informationweek.com/story/showArticle.jhtml?articleID=174910198
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/0950
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://news.zdnet.com/2100-1009_22-5989078.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securityreason.com/securityalert/591
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://secunia.com/advisories/19238
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://secunia.com/advisories/19138
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/blog/?p=71
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1015333
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/427635/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1015766
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/642428
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/427698/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/news/11363
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://news.com.com/2061-10789_3-5988086.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Dec, 2005 | 11:03
Updated At:03 Apr, 2025 | 01:03

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Microsoft Corporation
microsoft
>>excel>>95
cpe:2.3:a:microsoft:excel:95:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>97
cpe:2.3:a:microsoft:excel:97:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>97
cpe:2.3:a:microsoft:excel:97:sr1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>97
cpe:2.3:a:microsoft:excel:97:sr2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2000
cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2000
cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2000
cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2000
cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2002
cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2002
cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2002
cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2002
cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2003
cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>excel>>2003
cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538cve@mitre.org
N/A
http://informationweek.com/story/showArticle.jhtml?articleID=174910198cve@mitre.org
N/A
http://news.com.com/2061-10789_3-5988086.htmlcve@mitre.org
N/A
http://news.zdnet.com/2100-1009_22-5989078.htmlcve@mitre.org
N/A
http://secunia.com/advisories/19138cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/19238cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/584cve@mitre.org
N/A
http://securityreason.com/securityalert/591cve@mitre.org
N/A
http://securitytracker.com/id?1015333cve@mitre.org
N/A
http://securitytracker.com/id?1015766cve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htmcve@mitre.org
N/A
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/cve@mitre.org
N/A
http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/642428cve@mitre.org
US Government Resource
http://www.osvdb.org/blog/?p=71cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/427635/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/427698/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/15780cve@mitre.org
Patch
http://www.securityfocus.com/news/11363cve@mitre.org
N/A
http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.htmlcve@mitre.org
N/A
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA06-073A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2006/0950cve@mitre.org
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/23537cve@mitre.org
N/A
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538af854a3a-2127-422b-91ae-364da2661108
N/A
http://informationweek.com/story/showArticle.jhtml?articleID=174910198af854a3a-2127-422b-91ae-364da2661108
N/A
http://news.com.com/2061-10789_3-5988086.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://news.zdnet.com/2100-1009_22-5989078.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19138af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19238af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/584af854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/591af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1015333af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1015766af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/642428af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.osvdb.org/blog/?p=71af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/427635/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/427698/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/15780af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/news/11363af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA06-073A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/0950af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/23537af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://informationweek.com/story/showArticle.jhtml?articleID=174910198
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://news.com.com/2061-10789_3-5988086.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://news.zdnet.com/2100-1009_22-5989078.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/19138
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19238
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/584
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/591
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015333
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015766
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/642428
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/blog/?p=71
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/427635/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/427698/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15780
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securityfocus.com/news/11363
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/0950
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://informationweek.com/story/showArticle.jhtml?articleID=174910198
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://news.com.com/2061-10789_3-5988086.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://news.zdnet.com/2100-1009_22-5989078.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19138
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19238
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/584
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/591
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015333
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015766
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/642428
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/blog/?p=71
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/427635/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/427698/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/15780
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/news/11363
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2006/0950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/23537
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1669Records found
CVE-2018-17657
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17617
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onFocus events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6335.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-readerwindowsFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2021-21021
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.44% / 93.94%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17616
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of onBlur events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6334.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17635
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2020-7810
Matching Score-8
Assigner-KrCERT/CC
ShareView Details
Matching Score-8
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.86%
||
7 Day CHG~0.00%
Published-07 Aug, 2020 | 15:21
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HandySoft ActiveX File Download and Execution Vulnerability

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.

Action-Not Available
Vendor-handysoftHandysoft, Inc.Microsoft Corporation
Product-windowshslogin2.dllhslogin2.dll
CWE ID-CWE-353
Missing Support for Integrity Check
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2021-21040
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-13.79% / 94.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17644
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the addItem method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6481.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17665
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the currentPage property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6519.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17698
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7067.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17661
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the messageBox method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6513.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17637
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the loadXML method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6473.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2015-2114
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 57.48%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-support_solution_frameworkwindowsn/a
CVE-2018-17701
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.52% / 65.79%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JSON objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7132.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-17649
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAttribute method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6486.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2019-1113
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-27.59% / 96.25%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:09
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10.net_frameworkwindows_server_2019windows_server_2008visual_studio_2017Microsoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 2.0Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft Visual Studio 2017Microsoft Visual Studio 2019Microsoft .NET Framework 4.6/4.6.1/4.6.2Microsoft .NET Framework 3.0Microsoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft Visual StudioMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit SystemsMicrosoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2018-17642
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the colSpan property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6479.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17651
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getItemState method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6501.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17653
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6503.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17706
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.67%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsFoxit PhantomPDF
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-17619
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Validate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6352.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-readerwindowsFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17667
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the print method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6521.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17675
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17646
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the fillColor property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6483.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17702
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of button objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7252.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17659
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the title property of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6511.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17663
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17695
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the username property of a TextField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7145.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17691
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17677
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the mailDoc method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6850.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17676
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17631
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeInstance event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6500.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17615
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.43%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Mouse Exit events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6333.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17638
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the getAttribute method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6474.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17666
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17650
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNodes method of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6487.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17678
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17632
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.78% / 72.81%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resolveNode event. The issue results from the lack of validation of the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6700.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17694
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfwindowsreaderPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17623
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.43%
||
7 Day CHG~0.00%
Published-29 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6434.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsFoxit Reader
CWE ID-CWE-416
Use After Free
CVE-2018-17683
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17679
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.25%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6890.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17627
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the XFA mouseUp event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6455.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17625
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.25% / 78.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17341
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.46% / 63.21%
||
7 Day CHG~0.00%
Published-23 Sep, 2018 | 05:00
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.

Action-Not Available
Vendor-bigtreecmsn/aMicrosoft Corporation
Product-windowsbigtree_cmsn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-17690
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the rect property of a Link object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7103.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17684
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the isPropertySpecified method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6470.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17688
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.50%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setItems method of a ComboBox. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7069.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-416
Use After Free
CVE-2018-17670
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the content property of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6524.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
CVE-2018-17660
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.08%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 04:00
Updated-05 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the resetData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6512.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsReader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 33
  • 34
  • Next
Details not found