Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0038

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-30 Mar, 2007 | 20:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:30 Mar, 2007 | 20:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/cas/techalerts/TA07-093A.html
third-party-advisory
x_refsource_CERT
http://www.vupen.com/english/advisories/2007/1215
vdb-entry
x_refsource_VUPEN
http://securityreason.com/securityalert/2542
third-party-advisory
x_refsource_SREASON
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
mailing-list
x_refsource_FULLDISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/archive/1/464342/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/191609
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/466186/100/200/threaded
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/24659
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA07-089A.html
third-party-advisory
x_refsource_CERT
https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/464460/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
x_refsource_MISC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
vendor-advisory
x_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
third-party-advisory
x_refsource_CERT
http://www.osvdb.org/33629
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/archive/1/464459/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/466186/100/200/threaded
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/archive/1/464269/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/464340/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/464339/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-093A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.vupen.com/english/advisories/2007/1215
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securityreason.com/securityalert/2542
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/archive/1/464342/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.kb.cert.org/vuls/id/191609
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/466186/100/200/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/24659
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-089A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/464460/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
Resource:
x_refsource_MISC
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-100A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.osvdb.org/33629
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/464459/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/466186/100/200/threaded
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/archive/1/464269/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/464340/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/464339/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/cas/techalerts/TA07-093A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.vupen.com/english/advisories/2007/1215
vdb-entry
x_refsource_VUPEN
x_transferred
http://securityreason.com/securityalert/2542
third-party-advisory
x_refsource_SREASON
x_transferred
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
mailing-list
x_refsource_FULLDISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/archive/1/464342/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.kb.cert.org/vuls/id/191609
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/466186/100/200/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/24659
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-089A.html
third-party-advisory
x_refsource_CERT
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/464460/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
x_refsource_MISC
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
vendor-advisory
x_refsource_MS
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.osvdb.org/33629
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/archive/1/464459/100/100/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/466186/100/200/threaded
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/archive/1/464269/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/464340/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/464339/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-093A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1215
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securityreason.com/securityalert/2542
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464342/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/191609
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/466186/100/200/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/24659
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-089A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464460/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-100A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.osvdb.org/33629
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464459/100/100/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/466186/100/200/threaded
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464269/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464340/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464339/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:30 Mar, 2007 | 20:19
Updated At:16 Oct, 2018 | 16:30

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>gold
cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>gold
cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>gold
cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>sp1
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>sp1
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>sp2
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>sp2
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>sp2
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.htmlsecure@microsoft.com
N/A
http://secunia.com/advisories/24659secure@microsoft.com
Vendor Advisory
http://securityreason.com/securityalert/2542secure@microsoft.com
N/A
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.aspsecure@microsoft.com
Vendor Advisory
http://www.kb.cert.org/vuls/id/191609secure@microsoft.com
US Government Resource
http://www.osvdb.org/33629secure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464269/100/0/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464339/100/0/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464340/100/0/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464342/100/0/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464459/100/100/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/464460/100/100/threadedsecure@microsoft.com
N/A
http://www.securityfocus.com/archive/1/466186/100/200/threadedsecure@microsoft.com
N/A
http://www.us-cert.gov/cas/techalerts/TA07-089A.htmlsecure@microsoft.com
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-093A.htmlsecure@microsoft.com
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA07-100A.htmlsecure@microsoft.com
US Government Resource
http://www.vupen.com/english/advisories/2007/1215secure@microsoft.com
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017secure@microsoft.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/33301secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854secure@microsoft.com
N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/24659
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/2542
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/191609
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.osvdb.org/33629
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464269/100/0/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464339/100/0/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464340/100/0/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464342/100/0/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464459/100/100/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464460/100/100/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/466186/100/200/threaded
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-089A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-093A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-100A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/1215
Source: secure@microsoft.com
Resource:
Vendor Advisory
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6375Records found
CVE-2008-3008
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-79.52% / 99.05%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 15:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_media_encoderwindows_xpwindows_2003_serverwindows-ntwindows_2000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3332
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3343
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.85% / 94.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3386
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-77.91% / 98.97%
||
7 Day CHG~0.00%
Published-14 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3260
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.64% / 95.64%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3364
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-22.66% / 95.65%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-vision/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3381
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-23.51% / 95.76%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3363.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelexcel_vieweroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3360
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-17.41% / 94.81%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, PowerPoint 2016 for Mac, Office Compatibility Pack SP3, PowerPoint Viewer, SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_apps_serverpowerpoint_for_macoffice_web_appspowerpoint_vieweroffice_compatibility_packpowerpointsharepoint_designern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3284
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.60% / 96.63%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packexcelexcel_rtexcel_viewerexcel_for_macn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3269
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.59% / 96.02%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3265.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3334
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3335
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3204
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.61% / 95.64%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3281
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_for_macoffice_web_appssharepoint_serverword_rtofficewordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3367
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.25% / 95.87%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-silverlightn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3214
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.46% / 95.33%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3363
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-26.85% / 96.17%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3381.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelexcel_vieweroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3361
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-19.79% / 95.22%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3211
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.58% / 95.64%
||
7 Day CHG+2.05%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3356
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.51% / 95.34%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3340
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-12.41% / 93.64%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3313
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-47.00% / 97.59%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_for_macword_viewerofficen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3265
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.11% / 95.97%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3269.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3199
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-21.57% / 95.51%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3385
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-20.81% / 95.39%
||
7 Day CHG~0.00%
Published-14 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3222
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-69.90% / 98.61%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3233
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-29.81% / 96.47%
||
7 Day CHG-1.57%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceloffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3342
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.85% / 94.04%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3383
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-15.41% / 94.38%
||
7 Day CHG~0.00%
Published-14 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3210
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.58% / 95.64%
||
7 Day CHG-3.01%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3282
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_apps_serverword_for_macoffice_web_appsoffice_online_serverword_vieweroffice_compatibility_packsharepoint_serverword_rtofficewordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3248
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.18% / 95.97%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3259.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2547
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-29.78% / 96.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 19:17
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and 4.5.6001.22159 in Microsoft Windows Installer allows context-dependent attackers to execute arbitrary code via a long GUID value for the /x (aka /uninstall) option. NOTE: this issue might cross privilege boundaries if msiexec.exe is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_installern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2427
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-36.67% / 97.01%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

Action-Not Available
Vendor-pagesperso-orangen/aRed Hat, Inc.FreeBSD FoundationMicrosoft Corporation
Product-freebsdgfl_sdkxnviewlinuxnconvertwindows_ntn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2245
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-82.51% / 99.18%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 00:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_2000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1709
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-35.45% / 96.92%
||
7 Day CHG~0.00%
Published-09 Apr, 2008 | 19:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_interdevn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1019
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.96% / 89.26%
||
7 Day CHG~0.00%
Published-24 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windows_7iphone_oswindows_vistawindows_xpquicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1442
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-65.33% / 98.42%
||
7 Day CHG~0.00%
Published-12 Jun, 2008 | 01:30
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0992
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-15.25% / 94.35%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0986
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.38% / 91.34%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-1002
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-53.03% / 97.87%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0936
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.45% / 88.62%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG 2000 data, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0961
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.38% / 91.34%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43013
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.06% / 86.17%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 19:53
Updated-23 Apr, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder memory corruption vulnerability could lead to remote code execution

Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0962
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.38% / 91.34%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0938
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.90% / 87.81%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0931, CVE-2016-0933, CVE-2016-0936, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0989
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-7.07% / 91.14%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0960
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.78% / 92.15%
||
7 Day CHG~0.00%
Published-12 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.

Action-Not Available
Vendor-n/aSamsungAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerchrome_oslinux_kernelflash_player_desktop_runtimeair_desktop_runtimeair_sdkx14j_firmwareair_sdk_\&_compilerwindows_8.1windowsiphone_osmac_os_xandroidwindows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0055
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-30.33% / 96.53%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0035
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-24.43% / 95.90%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelexcel_viewerexcel_for_macoffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 127
  • 128
  • Next
Details not found