Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3919

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Sep, 2008 | 18:00
Updated At-07 Aug, 2024 | 10:00
Rejected At-
Credits

Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Sep, 2008 | 18:00
Updated At:07 Aug, 2024 | 10:00
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/2447
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/30828
vdb-entry
x_refsource_BID
http://secunia.com/advisories/31603
third-party-advisory
x_refsource_SECUNIA
http://www.justsystems.com/jp/info/pd8002.html
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/44681
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1020748
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2008/2447
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/30828
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/31603
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.justsystems.com/jp/info/pd8002.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44681
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1020748
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2008/2447
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/30828
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/31603
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.justsystems.com/jp/info/pd8002.html
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/44681
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1020748
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2447
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/30828
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/31603
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.justsystems.com/jp/info/pd8002.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44681
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1020748
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Sep, 2008 | 18:41
Updated At:08 Aug, 2017 | 01:32

Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
justsystems
justsystems
>>ichitaro>>*
cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/31603cve@mitre.org
Vendor Advisory
http://www.justsystems.com/jp/info/pd8002.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/30828cve@mitre.org
N/A
http://www.securitytracker.com/id?1020748cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/2447cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44681cve@mitre.org
N/A
Hyperlink: http://secunia.com/advisories/31603
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.justsystems.com/jp/info/pd8002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/30828
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1020748
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2447
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44681
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

525Records found
CVE-2013-0707
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-3.50% / 87.34%
||
7 Day CHG~0.00%
Published-01 Mar, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichitaro Government 2006 and 2007, Ichitaro Portable with oreplug, Hanako 2006 through 2013, Hanako Police, Hanako Police 3, and Hanako Police 2010 allows remote attackers to execute arbitrary code via a crafted file.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaroichitaro_portablehanakohanako_police3hanako_policen/a
CVE-2012-0269
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-8.68% / 92.27%
||
7 Day CHG~0.00%
Published-27 Apr, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro4, Shuriken 2007 through 2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 through CE/2009 Corporate Edition, Shuriken 2010 Corporate Edition, Rekishimail Sengokubusho no missho, and Bakumatsushishi no missho allows remote attackers to execute arbitrary code via a crafted image file.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaro_viewerrekishimail_bakumatsushishi_no_misshojust_jumpjust_frontierichitarooreplugshurikenichitaro_portable_with_oreplugjust_schoolrekishimail_sengokubusho_no_misshoshuriken_pron/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3916
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-14.90% / 94.37%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaron/a
CVE-2010-1424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.87% / 89.32%
||
7 Day CHG~0.00%
Published-15 Apr, 2010 | 21:12
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaron/a
CVE-2009-4737
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.00% / 86.26%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaroichitaro_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2152
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-15.10% / 94.41%
||
7 Day CHG~0.00%
Published-03 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document.

Action-Not Available
Vendor-justsystemsn/a
Product-just_schoolichitaron/a
CVE-2013-5990
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-5.13% / 89.63%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; Ichitaro Pro; Ichitaro Pro 2 and Pro 2 Trial Edition; Ichitaro Viewer; and Ichitaro Portable with oreplug allows remote attackers to execute arbitrary code via a crafted document.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaro_proichitaroichitaro_viewerichitaro_portable_with_oreplugn/a
CVE-2011-1331
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-3.97% / 88.12%
||
7 Day CHG~0.00%
Published-18 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaroichitaro_portableichitaro_proichitaro_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3915
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.3||HIGH
EPSS-11.61% / 93.48%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.

Action-Not Available
Vendor-justsystemsn/a
Product-ichitaron/a
CVE-2013-3906
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-92.54% / 99.73%
||
7 Day CHG~0.00%
Published-06 Nov, 2013 | 11:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-15||Apply updates per vendor instructions.

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officewindows_server_2008powerpoint_viewerlyncexcel_viewerwindows_vistaword_vieweroffice_compatibility_packn/aGraphics Component
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3171
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-8.61% / 92.23%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3145
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3149
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3151
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.23%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3146
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-15.37% / 94.47%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3153
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3148
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3150
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3174
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-34.92% / 96.91%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_8windows_server_2008windows_vistawindows_server_2003windows_server_2012windows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3132
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-7.06% / 91.31%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-1028
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-33.42% / 96.81%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2010office_web_appsofficeexcel_servicesword_automation_servicessharepoint_enterprise_serverMicrosoft OfficeWordExcelMicrosoft SharePointMicrosoft SharePoint Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3178
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.95% / 98.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-silverlightn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3131
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.67% / 97.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworksilverlightn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3127
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-35.51% / 96.95%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_media_format_runtimewindows_media_playern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3129
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-51.65% / 97.82%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_studio_.netwindows_rtwindows_7windows_8windows_server_2008lynclync_basic.net_frameworksilverlightwindows_vistaofficewindows_server_2003windows_server_2012windows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3152
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-15.37% / 94.47%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-3162
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-10.95% / 93.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-2817
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-35.79% / 96.97%
||
7 Day CHG~0.00%
Published-24 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-mc-worx_suiten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-2135
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-83.46% / 99.25%
||
7 Day CHG~0.00%
Published-16 Jul, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-2115
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-89.76% / 99.55%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1966
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-90.95% / 99.62%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1965
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-91.50% / 99.65%
||
7 Day CHG~0.00%
Published-10 Jul, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsstruts2-showcasen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-2134
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-92.20% / 99.70%
||
7 Day CHG~0.00%
Published-16 Jul, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1335
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.93% / 97.98%
||
7 Day CHG~0.00%
Published-15 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordword_viewern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-82.22% / 99.19%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2003windows_xpwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.55% / 88.93%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1323
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.93% / 97.98%
||
7 Day CHG~0.00%
Published-15 May, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1688
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.20% / 78.56%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0758
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-87.37% / 99.44%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationRed Hat, Inc.openSUSE
Product-enterprise_linux_desktopenterprise_linux_server_auslinux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrenterprise_linux_eusseamonkeyenterprise_linux_workstationthunderbirdlinux_enterprise_desktopfirefoxopensuseenterprise_linux_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-25.42% / 96.08%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1296
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-53.98% / 97.94%
||
7 Day CHG~0.00%
Published-09 Apr, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-remote_desktop_connectionn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-6465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.79% / 87.81%
||
7 Day CHG~0.00%
Published-02 Jan, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0077
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-53.39% / 97.91%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2003windows_xpwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-6535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.36% / 89.86%
||
7 Day CHG~0.00%
Published-02 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.

Action-Not Available
Vendor-djvulibre_projectn/a
Product-djvulibren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0007
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-27.20% / 96.27%
||
7 Day CHG~0.00%
Published-09 Jan, 2013 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_8windows_server_2003windows_vistawindows_server_2012office_compatibility_packwindows_xpwindows_rtexpression_webxml_core_serviceswindows_7groove_serverofficewindows_server_2008word_viewersharepoint_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-4781
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-49.41% / 97.71%
||
7 Day CHG~0.00%
Published-12 Dec, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-0745
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-3.15% / 86.59%
||
7 Day CHG~0.00%
Published-13 Jan, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Mozilla CorporationopenSUSE
Product-linux_enterprise_serverlinux_enterprise_software_development_kitubuntu_linuxthunderbird_esrseamonkeythunderbirdlinux_enterprise_desktopfirefoxopensusen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5690
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.38% / 87.10%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

Action-Not Available
Vendor-n/aRealNetworks LLC
Product-realplayerrealplayer_spn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-4864
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.46% / 95.57%
||
7 Day CHG~0.00%
Published-06 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.

Action-Not Available
Vendor-oreansn/a
Product-winlicensen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-4774
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.08% / 98.22%
||
7 Day CHG~0.00%
Published-12 Dec, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_vistawindows_xpwindows_7windows_server_2008n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found