Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-1765

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Mar, 2007 | 00:00
Updated At-07 Aug, 2024 | 13:06
Rejected At-
Credits

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Mar, 2007 | 00:00
Updated At:07 Aug, 2024 | 13:06
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/464287/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://research.eeye.com/html/alerts/zeroday/20070328.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/464345/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/1151
vdb-entry
x_refsource_VUPEN
http://vil.nai.com/vil/content/v_141860.htm
x_refsource_MISC
http://www.avertlabs.com/research/blog/?p=230
x_refsource_MISC
http://www.securityfocus.com/bid/23194
vdb-entry
x_refsource_BID
http://www.microsoft.com/technet/security/advisory/935423.mspx
x_refsource_CONFIRM
http://www.securitytracker.com/id?1017827
vdb-entry
x_refsource_SECTRACK
http://www.avertlabs.com/research/blog/?p=233
x_refsource_MISC
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/464287/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://research.eeye.com/html/alerts/zeroday/20070328.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/464345/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2007/1151
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://vil.nai.com/vil/content/v_141860.htm
Resource:
x_refsource_MISC
Hyperlink: http://www.avertlabs.com/research/blog/?p=230
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/23194
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.microsoft.com/technet/security/advisory/935423.mspx
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1017827
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.avertlabs.com/research/blog/?p=233
Resource:
x_refsource_MISC
Hyperlink: http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/464287/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://research.eeye.com/html/alerts/zeroday/20070328.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/464345/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2007/1151
vdb-entry
x_refsource_VUPEN
x_transferred
http://vil.nai.com/vil/content/v_141860.htm
x_refsource_MISC
x_transferred
http://www.avertlabs.com/research/blog/?p=230
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/23194
vdb-entry
x_refsource_BID
x_transferred
http://www.microsoft.com/technet/security/advisory/935423.mspx
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1017827
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.avertlabs.com/research/blog/?p=233
x_refsource_MISC
x_transferred
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464287/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://research.eeye.com/html/alerts/zeroday/20070328.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/464345/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/1151
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://vil.nai.com/vil/content/v_141860.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.avertlabs.com/research/blog/?p=230
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/23194
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.microsoft.com/technet/security/advisory/935423.mspx
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1017827
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.avertlabs.com/research/blog/?p=233
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Mar, 2007 | 00:19
Updated At:23 Jul, 2021 | 12:16

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:advanced_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:datacenter_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:*:*:ja:server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:advanced_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:datacenter_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:advanced_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:datacenter_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:advanced_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:datacenter_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:advanced_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:datacenter_server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:server:*:*:*
Microsoft Corporation
microsoft
>>windows_2000>>-
cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>-
cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:datacenter:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>-
cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>-
cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:standard:*:*:*
Microsoft Corporation
microsoft
>>windows_2003_server>>-
cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:web_edition:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:business:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:december_ctp:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_basic:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:home_premium:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:home:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:media_center:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:professional:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:tablet_pc:*:*:*
Avaya LLC
avaya
>>ip600_media_servers>>*
cpe:2.3:a:avaya:ip600_media_servers:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>ie>>7.0
cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>Versions up to 6(inclusive)
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>definity_one_media_server>>*
cpe:2.3:h:avaya:definity_one_media_server:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>s3400>>*
cpe:2.3:h:avaya:s3400:*:*:*:*:*:*:*:*
Avaya LLC
avaya
>>s8100>>*
cpe:2.3:h:avaya:s8100:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/cve@mitre.org
Broken Link
http://research.eeye.com/html/alerts/zeroday/20070328.htmlcve@mitre.org
Third Party Advisory
http://vil.nai.com/vil/content/v_141860.htmcve@mitre.org
Broken Link
http://www.avertlabs.com/research/blog/?p=230cve@mitre.org
Third Party Advisory
http://www.avertlabs.com/research/blog/?p=233cve@mitre.org
Third Party Advisory
http://www.microsoft.com/technet/security/advisory/935423.mspxcve@mitre.org
Vendor Advisory
http://www.securityfocus.com/archive/1/464287/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/464345/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/23194cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1017827cve@mitre.org
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/1151cve@mitre.org
Third Party Advisory
Hyperlink: http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://research.eeye.com/html/alerts/zeroday/20070328.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://vil.nai.com/vil/content/v_141860.htm
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.avertlabs.com/research/blog/?p=230
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.avertlabs.com/research/blog/?p=233
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.microsoft.com/technet/security/advisory/935423.mspx
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/464287/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/464345/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/23194
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1017827
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.vupen.com/english/advisories/2007/1151
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

3425Records found
CVE-2020-9658
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.87% / 86.01%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:09
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsauditionAdobe Audition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9590
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.85% / 89.34%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 19:59
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsdigital_negative_software_development_kitAdobe DNG Software Development Kit (SDK)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0987
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-12.51% / 93.78%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0824
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.40% / 98.28%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-9565
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.92% / 88.07%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 20:09
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-bridgewindowsAdobe Bridge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0818
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-29.04% / 96.47%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpwindows_server_2008windows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0806
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-90.86% / 99.62%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2008windows_server_2003windows_2000windows_2003_serverwindows_vistainternet_explorern/a
CVE-2010-0811
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.43% / 98.06%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2003_serverwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0487
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.75% / 96.85%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2000windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0479
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.40% / 97.42%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0657
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.30% / 79.43%
||
7 Day CHG~0.00%
Published-18 Feb, 2010 | 17:19
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

Action-Not Available
Vendor-n/aGoogle LLCMicrosoft Corporation
Product-windowschromen/a
CVE-2010-0267
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-66.17% / 98.48%
||
7 Day CHG~0.00%
Published-31 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2008windows_server_2003windows_2000windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0199
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-26.98% / 96.26%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0128
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-8.22% / 92.04%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-directorshockwave_playerwindowsmacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9641
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.41% / 80.28%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:03
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Illustrator versions 24.1.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsillustratorAdobe Illustrator
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0653
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-33.65% / 96.84%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 23:11
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusOffice 365 ProPlus
CVE-2010-0116
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-12.53% / 93.79%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft Corporation
Product-realplayer_spwindowsrealplayern/a
CVE-2007-0352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-67.51% / 98.53%
||
7 Day CHG~0.00%
Published-19 Jan, 2007 | 01:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-html_help_workshopn/a
CVE-2010-0117
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-4.10% / 88.37%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft Corporation
Product-realplayer_spwindowsrealplayern/a
CVE-2010-0490
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.10% / 98.30%
||
7 Day CHG~0.00%
Published-31 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0491
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.43% / 98.32%
||
7 Day CHG~0.00%
Published-31 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2003windows_2000windows_2003_serverinternet_explorern/a
CVE-2010-0032
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.43% / 97.86%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-powerpointn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0478
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-81.67% / 99.16%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0264
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.56% / 98.06%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_excel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packoffice_sharepoint_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-7659
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.65% / 89.08%
||
7 Day CHG-1.53%
Published-11 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CVE-2010-0262
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.33% / 98.15%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_excel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packoffice_sharepoint_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0805
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-87.69% / 99.45%
||
7 Day CHG~0.00%
Published-31 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0040
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-19.78% / 95.31%
||
7 Day CHG~0.00%
Published-12 Mar, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windowssafarin/a
CVE-2018-8379
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-35.57% / 96.97%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.

Action-Not Available
Vendor-Microsoft Corporation
Product-excelexcel_2013_rtMicrosoft Excel
CVE-2010-0250
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.11% / 98.67%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0823
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.10%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_excel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0815
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.23% / 97.85%
||
7 Day CHG~0.00%
Published-12 May, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_basic_for_applicationsvisual_basic_sdkofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0986
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-8.38% / 92.13%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-31.39% / 96.66%
||
7 Day CHG~0.00%
Published-04 Feb, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2008windows_server_2003windows_2000windows_vistainternet_explorern/a
CVE-2010-0245
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.81% / 96.85%
||
7 Day CHG~0.00%
Published-22 Jan, 2010 | 21:20
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0247
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-29.00% / 96.46%
||
7 Day CHG~0.00%
Published-22 Jan, 2010 | 21:20
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpwindows_2000internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0127
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-14.03% / 94.19%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.22% / 93.00%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-windows_xpflash_playern/a
CVE-2010-0120
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-12.53% / 93.79%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft Corporation
Product-realplayer_spwindowsrealplayern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0198
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-26.98% / 96.26%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0536
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.11% / 83.80%
||
7 Day CHG~0.00%
Published-31 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7windows_xpquicktimewindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-9653
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.33% / 84.54%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:12
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowspremiere_proAdobe Premiere Pro
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-0130
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-8.8||HIGH
EPSS-9.71% / 92.77%
||
7 Day CHG~0.00%
Published-13 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsshockwave_playermacosn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-0030
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.13% / 98.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-powerpointn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7652
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-56.22% / 98.04%
||
7 Day CHG-5.94%
Published-11 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsiphone_osmac_os_xandroidn/a
CVE-2018-8464
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-83.41% / 99.25%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0191
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-18.13% / 95.04%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0480
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-83.49% / 99.26%
||
7 Day CHG~0.00%
Published-14 Apr, 2010 | 15:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2008windows_server_2003windows_2000windows_2003_serverwindows_vistan/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0378
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-13.77% / 94.13%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability."

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-windows_xpflash_playern/a
CWE ID-CWE-416
Use After Free
CVE-2010-0243
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.40% / 97.42%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-officemacosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • ...
  • 68
  • 69
  • Next
Details not found