Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-1108

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-04 Jun, 2008 | 20:00
Updated At-07 Aug, 2024 | 08:08
Rejected At-
Credits

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:flexera
Assigner Org ID:44d08088-2bea-4760-83a6-1e9be26b15ab
Published At:04 Jun, 2008 | 20:00
Updated At:07 Aug, 2024 | 08:08
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
vendor-advisory
x_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/1732/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/30298
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/30564
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2008-0516.html
vendor-advisory
x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0515.html
vendor-advisory
x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200806-06.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/30571
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
vdb-entry
signature
x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2008-0514.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/30716
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/secunia_research/2008-22/advisory/
x_refsource_MISC
http://secunia.com/advisories/30536
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/30527
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/29527
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1020169
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/30702
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
vendor-advisory
x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2008-0517.html
vendor-advisory
x_refsource_REDHAT
http://www.ubuntu.com/usn/usn-615-1
vendor-advisory
x_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
vdb-entry
x_refsource_XF
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.vupen.com/english/advisories/2008/1732/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/30298
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/30564
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0516.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0515.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/30571
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0514.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/30716
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/secunia_research/2008-22/advisory/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/30536
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/30527
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/29527
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1020169
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/30702
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0517.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ubuntu.com/usn/usn-615-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.vupen.com/english/advisories/2008/1732/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/30298
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/30564
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0516.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0515.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://security.gentoo.org/glsa/glsa-200806-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/30571
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0514.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/30716
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/secunia_research/2008-22/advisory/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/30536
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/30527
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/29527
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1020169
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/30702
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0517.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ubuntu.com/usn/usn-615-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1732/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/30298
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/30564
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0516.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0515.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/30571
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0514.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/30716
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/secunia_research/2008-22/advisory/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/30536
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/30527
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29527
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020169
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/30702
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0517.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-615-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:04 Jun, 2008 | 20:32
Updated At:29 Sep, 2017 | 01:30

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.6HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.6
Base severity: HIGH
Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CPE Matches
The GNOME Project
gnome
>>evolution>>2.2.1
cpe:2.3:a:gnome:evolution:2.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30298PSIRT-CNA@flexerasoftware.com
Vendor Advisory
http://secunia.com/advisories/30527PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30536PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30564PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30571PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30702PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/advisories/30716PSIRT-CNA@flexerasoftware.com
N/A
http://secunia.com/secunia_research/2008-22/advisory/PSIRT-CNA@flexerasoftware.com
N/A
http://security.gentoo.org/glsa/glsa-200806-06.xmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:111PSIRT-CNA@flexerasoftware.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0514.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0515.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0516.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.redhat.com/support/errata/RHSA-2008-0517.htmlPSIRT-CNA@flexerasoftware.com
N/A
http://www.securityfocus.com/bid/29527PSIRT-CNA@flexerasoftware.com
N/A
http://www.securitytracker.com/id?1020169PSIRT-CNA@flexerasoftware.com
N/A
http://www.ubuntu.com/usn/usn-615-1PSIRT-CNA@flexerasoftware.com
N/A
http://www.vupen.com/english/advisories/2008/1732/referencesPSIRT-CNA@flexerasoftware.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42824PSIRT-CNA@flexerasoftware.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471PSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.htmlPSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.htmlPSIRT-CNA@flexerasoftware.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.htmlPSIRT-CNA@flexerasoftware.com
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30298
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/30527
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30536
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30564
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30571
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30702
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30716
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://secunia.com/secunia_research/2008-22/advisory/
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200806-06.xml
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:111
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0514.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0515.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0516.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0517.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/29527
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020169
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-615-1
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1732/references
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42824
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10471
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html
Source: PSIRT-CNA@flexerasoftware.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

398Records found
CVE-2017-8635
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-57.97% / 98.09%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerMicrosoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8757
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-22.39% / 95.61%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8741
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-24.33% / 95.88%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerInternet Explorer, Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8672
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.63% / 94.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8607
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-21.95% / 95.56%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerWindows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8749
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-20.00% / 95.26%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10internet_explorerInternet Explorer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8518
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-24.01% / 95.82%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8606
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-21.95% / 95.56%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerMicrosoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8656
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-81.88% / 99.16%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8638
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.63% / 94.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8748
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-24.33% / 95.88%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerInternet Explorer, Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8755
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-76.98% / 98.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8653
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-21.95% / 95.56%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerInternet Explorer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8608
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-21.95% / 95.56%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerMicrosoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8751
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-54.00% / 97.92%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8671
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-81.88% / 99.16%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgewindows_10windows_server_2016n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8649
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.63% / 94.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8549
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-15.88% / 94.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8641
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-79.90% / 99.06%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1edgewindows_10internet_explorerMicrosoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8674
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.63% / 94.84%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Scripting Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-8604
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-20.53% / 95.35%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Windows 10 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11841
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-76.21% / 98.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.

Action-Not Available
Vendor-Microsoft Corporation
Product-chakracoreedgewindows_10windows_server_2016ChakraCore, Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3582
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-1.11% / 77.25%
||
7 Day CHG~0.00%
Published-28 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z600 devices, and Dell Precision M#### devices, allows local users to bypass intended BIOS signing requirements and install arbitrary BIOS images by leveraging administrative privileges and providing a crafted rbu_packet.pktNum value in conjunction with a crafted rbu_packet.pktSize value.

Action-Not Available
Vendor-n/aDell Inc.
Product-latitude_d830latitude_e5500precision_m6300latitude_d631precision_m6400latitude_e4200latitude_e6400latitude_d530latitude_d531precision_m2300precision_m4300latitude_z600precision_m6500latitude_xt2precision_m2400latitude_e5400latitude_e6400_atglatitude_e6500latitude_e4300latitude_d630latitude_e6400_atg_xfrprecision_m4400n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11811
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-73.99% / 98.78%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-chakracoreedgewindows_10windows_server_2016n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0930
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-9.63% / 92.58%
||
7 Day CHG~0.00%
Published-31 Jan, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-alphastorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0509
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-8.50% / 92.00%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_netcool_system_service_monitorstivoli_netcool_application_service_monitorsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0508
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.45% / 62.69%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3) hrstorage.idx, or (4) lotusmapfile in the SSM Config directory, or (5) .manifest.hive in the main agent directory.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_netcool_system_service_monitorstivoli_netcool_application_service_monitorsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0107
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.6||HIGH
EPSS-0.77% / 72.50%
||
7 Day CHG~0.00%
Published-26 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 might allow remote attackers to execute arbitrary code via a crafted document containing instructions that reconstruct a certain security cookie.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-foxit_advanced_pdf_editorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-3668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-17.90% / 94.88%
||
7 Day CHG~0.00%
Published-17 Jul, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.

Action-Not Available
Vendor-dynamic_universal_music_bibliothequen/a
Product-dumbn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-2439
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-7.6||HIGH
EPSS-18.65% / 95.02%
||
7 Day CHG~0.00%
Published-01 Jun, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

Action-Not Available
Vendor-zipcentraln/a
Product-zipcentraln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3375
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-26.76% / 96.16%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008internet_explorerwindows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-72.54% / 98.71%
||
7 Day CHG~0.00%
Published-28 Nov, 2006 | 01:00
Updated-07 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

Action-Not Available
Vendor-businessobjectsn/aMicrosoft Corporation
Product-visual_studio_.netcrystal_reports_xin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11807
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-24.37% / 95.89%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.

Action-Not Available
Vendor-Microsoft Corporation
Product-chakracoreedgewindows_10ChakraCore, Microsoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11858
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-24.18% / 95.86%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1chakracorewindows_rt_8.1edgewindows_10internet_explorerChakraCore, Microsoft Edge, Internet Explorer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0917
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-44.54% / 97.48%
||
7 Day CHG~0.00%
Published-03 Mar, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_server_2003windows_2000windows_2003_serverinternet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11886
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-17.40% / 94.80%
||
7 Day CHG~0.00%
Published-12 Dec, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10internet_explorerInternet Explorer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11839
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-76.21% / 98.88%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgewindows_10windows_server_2016n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0636
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunessafariwebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0638
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-1.17% / 77.76%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0639
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-1.17% / 77.76%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0637
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-08 Mar, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunessafariwebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2356
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.02% / 76.24%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2814
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.20% / 78.04%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3241
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.6||HIGH
EPSS-1.36% / 79.40%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2352
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.02% / 76.24%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2354
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.02% / 76.24%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-0138
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-16.01% / 94.51%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10windows_server_2016Browser
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2339
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.20% / 78.04%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistaitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2338
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.22% / 78.28%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistaitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2341
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-1.22% / 78.28%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-ituneswebkitn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found