Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1044

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Mar, 2009 | 14:00
Updated At-07 Aug, 2024 | 04:57
Rejected At-
Credits

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Mar, 2009 | 14:00
Updated At:07 Aug, 2024 | 04:57
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1021878
vdb-entry
x_refsource_SECTRACK
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
x_refsource_MISC
http://twitter.com/tippingpoint1/status/1351635812
x_refsource_MISC
http://secunia.com/advisories/34510
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/34511
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
vendor-advisory
x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2009-0397.html
vendor-advisory
x_refsource_REDHAT
http://cansecwest.com/index.html
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/34505
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/34521
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-0398.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/archive/1/502303/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/34471
third-party-advisory
x_refsource_SECUNIA
http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-745-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/34527
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/34181
vdb-entry
x_refsource_BID
http://www.debian.org/security/2009/dsa-1756
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/34792
third-party-advisory
x_refsource_SECUNIA
http://news.cnet.com/8301-1009_3-10199652-83.html
x_refsource_MISC
http://blogs.zdnet.com/security/?p=2934
x_refsource_MISC
http://www.zerodayinitiative.com/advisories/ZDI-09-015
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
vdb-entry
signature
x_refsource_OVAL
http://osvdb.org/52896
vdb-entry
x_refsource_OSVDB
http://www.vupen.com/english/advisories/2009/0864
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
vendor-advisory
x_refsource_FEDORA
http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
x_refsource_MISC
http://secunia.com/advisories/34549
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/34550
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
x_refsource_CONFIRM
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
x_refsource_MISC
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.mozilla.org/show_bug.cgi?id=484320
x_refsource_CONFIRM
http://blogs.zdnet.com/security/?p=2941
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id?1021878
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
Resource:
x_refsource_MISC
Hyperlink: http://twitter.com/tippingpoint1/status/1351635812
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/34510
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/34511
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0397.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://cansecwest.com/index.html
Resource:
x_refsource_MISC
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/34505
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/34521
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0398.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/archive/1/502303/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/34471
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/usn-745-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/34527
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/34181
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2009/dsa-1756
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/34792
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://news.cnet.com/8301-1009_3-10199652-83.html
Resource:
x_refsource_MISC
Hyperlink: http://blogs.zdnet.com/security/?p=2934
Resource:
x_refsource_MISC
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-09-015
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://osvdb.org/52896
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2009/0864
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/34549
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/34550
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
Resource:
x_refsource_MISC
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=484320
Resource:
x_refsource_CONFIRM
Hyperlink: http://blogs.zdnet.com/security/?p=2941
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1021878
vdb-entry
x_refsource_SECTRACK
x_transferred
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
x_refsource_MISC
x_transferred
http://twitter.com/tippingpoint1/status/1351635812
x_refsource_MISC
x_transferred
http://secunia.com/advisories/34510
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/34511
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0397.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://cansecwest.com/index.html
x_refsource_MISC
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/34505
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/34521
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0398.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/archive/1/502303/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/34471
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/usn-745-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/34527
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/34181
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2009/dsa-1756
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/34792
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://news.cnet.com/8301-1009_3-10199652-83.html
x_refsource_MISC
x_transferred
http://blogs.zdnet.com/security/?p=2934
x_refsource_MISC
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-09-015
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://osvdb.org/52896
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.vupen.com/english/advisories/2009/0864
vdb-entry
x_refsource_VUPEN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
x_refsource_MISC
x_transferred
http://secunia.com/advisories/34549
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/34550
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
x_refsource_CONFIRM
x_transferred
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
x_refsource_MISC
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=484320
x_refsource_CONFIRM
x_transferred
http://blogs.zdnet.com/security/?p=2941
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021878
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://twitter.com/tippingpoint1/status/1351635812
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/34510
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/34511
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0397.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://cansecwest.com/index.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/34505
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/34521
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0398.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/502303/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/34471
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-745-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/34527
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34181
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1756
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/34792
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://news.cnet.com/8301-1009_3-10199652-83.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://blogs.zdnet.com/security/?p=2934
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-09-015
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://osvdb.org/52896
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/0864
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/34549
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/34550
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=484320
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://blogs.zdnet.com/security/?p=2941
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Mar, 2009 | 14:19
Updated At:10 Oct, 2018 | 19:32

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>3.0.7
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.zdnet.com/security/?p=2934cve@mitre.org
N/A
http://blogs.zdnet.com/security/?p=2941cve@mitre.org
N/A
http://cansecwest.com/index.htmlcve@mitre.org
N/A
http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009cve@mitre.org
N/A
http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploitscve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.htmlcve@mitre.org
N/A
http://news.cnet.com/8301-1009_3-10199652-83.htmlcve@mitre.org
N/A
http://osvdb.org/52896cve@mitre.org
N/A
http://secunia.com/advisories/34471cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34505cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34510cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34511cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34521cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34527cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34549cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34550cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/34792cve@mitre.org
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-113.htmcve@mitre.org
N/A
http://twitter.com/tippingpoint1/status/1351635812cve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1756cve@mitre.org
N/A
http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:084cve@mitre.org
N/A
http://www.mozilla.org/security/announce/2009/mfsa2009-13.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0397.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2009-0398.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/502303/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/34181cve@mitre.org
Patch
http://www.securitytracker.com/id?1021878cve@mitre.org
N/A
http://www.ubuntu.com/usn/usn-745-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/0864cve@mitre.org
Patch
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-015cve@mitre.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=484320cve@mitre.org
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.htmlcve@mitre.org
N/A
Hyperlink: http://blogs.zdnet.com/security/?p=2934
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://blogs.zdnet.com/security/?p=2941
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cansecwest.com/index.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://news.cnet.com/8301-1009_3-10199652-83.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/52896
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/34471
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34505
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34510
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34511
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34521
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34527
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34549
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34550
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/34792
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://twitter.com/tippingpoint1/status/1351635812
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1756
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:084
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0397.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0398.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/502303/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34181
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1021878
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-745-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/0864
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-09-015
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=484320
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11368
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3885Records found
CVE-2008-1088
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.73% / 98.04%
||
7 Day CHG~0.00%
Published-08 Apr, 2008 | 23:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-projectn/a
CWE ID-CWE-399
Not Available
CVE-2008-0121
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.48% / 98.22%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 00:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpoint_viewern/a
CWE ID-CWE-399
Not Available
CVE-2008-0120
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-68.55% / 98.55%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 00:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpoint_viewern/a
CWE ID-CWE-399
Not Available
CVE-2008-0109
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.78% / 98.00%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 22:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficen/a
CWE ID-CWE-399
Not Available
CVE-2008-0412
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-8.85% / 92.18%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-0413
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-6.09% / 90.40%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-0419
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-18.69% / 95.03%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-0103
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.52% / 97.98%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-399
Not Available
CVE-2007-6053
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.43% / 62.00%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 20:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

Action-Not Available
Vendor-unixn/aIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsunixlinux_kerneldb2_universal_databasen/a
CWE ID-CWE-399
Not Available
CVE-2007-3902
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.67% / 97.85%
||
7 Day CHG~0.00%
Published-12 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-189
Not Available
CWE ID-CWE-399
Not Available
CVE-2007-2884
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-54.05% / 97.92%
||
7 Day CHG~0.00%
Published-30 May, 2007 | 01:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_basicn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-399
Not Available
CVE-2007-1747
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-72.19% / 98.69%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-399
Not Available
CVE-2007-1754
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.21% / 98.29%
||
7 Day CHG~0.00%
Published-10 Jul, 2007 | 22:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-399
Not Available
CVE-2007-0947
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.36% / 97.97%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_xpwindows_vistawindows_2003_servern/a
CWE ID-CWE-399
Not Available
CVE-2009-1531
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-65.90% / 98.44%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_xpwindows_server_2003windows_server_2008n/a
CWE ID-CWE-399
Not Available
CVE-2009-1530
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-67.01% / 98.49%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_server_2003windows_2000n/a
CWE ID-CWE-399
Not Available
CVE-2009-0076
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-65.89% / 98.44%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 22:13
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_xpwindows_server_2003windows_server_2008n/a
CWE ID-CWE-399
Not Available
CVE-2009-0096
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.77% / 98.18%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 22:13
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-vision/a
CWE ID-CWE-399
Not Available
CVE-2009-0102
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-47.22% / 97.60%
||
7 Day CHG-18.21%
Published-09 Dec, 2009 | 18:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_projectproject_portfolio_serverproject_servern/a
CWE ID-CWE-399
Not Available
CVE-2009-0098
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.78% / 98.18%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 22:13
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-399
Not Available
CVE-2008-5013
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-23.92% / 95.81%
||
7 Day CHG~0.00%
Published-13 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2008-4264
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.48% / 98.30%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeoffice_excel20007_office_systemoffice_compatibility_pack_for_word_excel_ppt_2007office_excel_viewern/a
CWE ID-CWE-399
Not Available
CVE-2008-4031
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.89% / 98.19%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_word_vieweroffice_wordopen_xml_file_format_converterofficeoffice_outlookworksoffice_systemoffice_compatibility_pack_for_word_excel_ppt_2007n/a
CWE ID-CWE-399
Not Available
CVE-2011-0618
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-6.13% / 90.43%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CVE-2011-1253
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-15.89% / 94.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7windows_xpwindows_server_2008windows_server_2003silverlightwindows_2003_serverwindows_vistan/a
CVE-2011-1345
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-47.82% / 97.63%
||
7 Day CHG~0.00%
Published-10 Mar, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7internet_explorern/a
CVE-2011-0619
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.85% / 90.20%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0621
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.85% / 90.20%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1508
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-28.10% / 96.30%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-1251
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-40.56% / 97.26%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2011-1462
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.31% / 86.72%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24096
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.92% / 75.02%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-23 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects Heap-based Buffer Overflow Arbitrary code execution

Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosafter_effectsAfter Effects
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0656
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.76% / 98.08%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-powerpoint_web_appofficeoffice_powerpoint_viewerpowerpoint_viewerpowerpointopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0627
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-7.86% / 91.64%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0664
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-19.10% / 95.11%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7windows_xpwindows_server_2008windows_server_2003silverlightwindows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1255
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-67.03% / 98.49%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2011-1270
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-35.49% / 96.93%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-powerpointn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1279
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.53% / 97.42%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1256
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-45.46% / 97.52%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2011-1269
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-49.50% / 97.72%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converteroffice_compatibility_packofficepowerpointn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2821
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-18.90% / 95.07%
||
7 Day CHG~0.00%
Published-12 Aug, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-81.36% / 99.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packofficeexcelexcel_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-23.91% / 95.81%
||
7 Day CHG~0.00%
Published-05 Mar, 2007 | 22:00
Updated-07 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-quicktimewindowsn/a
CWE ID-CWE-189
Not Available
CVE-2011-0623
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.61% / 88.83%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24091
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-7.10% / 91.16%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 17:59
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2011-0980
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-62.61% / 98.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CVE-2011-1277
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.20% / 97.75%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2211
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-12.52% / 93.67%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2212.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24102
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.00% / 89.30%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 17:06
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2011-0663
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.52% / 95.63%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-jscriptwindows_7windows_xpvbscriptwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 77
  • 78
  • Next
Details not found