Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-3874

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Nov, 2009 | 16:00
Updated At-07 Aug, 2024 | 06:45
Rejected At-
Credits

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Nov, 2009 | 16:00
Updated At:07 Aug, 2024 | 06:45
Rejected At:
▼CVE Numbering Authority (CNA)

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=126566824131534&w=2
vendor-advisory
x_refsource_HP
http://www.securityfocus.com/bid/36881
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT3970
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT3969
x_refsource_CONFIRM
http://zerodayinitiative.com/advisories/ZDI-09-080/
x_refsource_MISC
http://marc.info/?l=bugtraq&m=131593453929393&w=2
vendor-advisory
x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml
vendor-advisory
x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html
vendor-advisory
x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
vdb-entry
signature
x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/37231
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2
vendor-advisory
x_refsource_HP
http://securitytracker.com/id?1023132
vdb-entry
x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=131593453929393&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
vendor-advisory
x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
vendor-advisory
x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/3131
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
vendor-advisory
x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/37581
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html
x_refsource_CONFIRM
http://secunia.com/advisories/37841
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/37239
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/37386
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securityfocus.com/bid/36881
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://support.apple.com/kb/HT3970
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://support.apple.com/kb/HT3969
Resource:
x_refsource_CONFIRM
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-09-080/
Resource:
x_refsource_MISC
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://security.gentoo.org/glsa/glsa-200911-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1694.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/37231
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://securitytracker.com/id?1023132
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.vupen.com/english/advisories/2009/3131
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/37581
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://java.sun.com/javase/6/webnotes/6u17.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/37841
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/37239
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/37386
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://marc.info/?l=bugtraq&m=126566824131534&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securityfocus.com/bid/36881
vdb-entry
x_refsource_BID
x_transferred
http://support.apple.com/kb/HT3970
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://support.apple.com/kb/HT3969
x_refsource_CONFIRM
x_transferred
http://zerodayinitiative.com/advisories/ZDI-09-080/
x_refsource_MISC
x_transferred
http://marc.info/?l=bugtraq&m=131593453929393&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://security.gentoo.org/glsa/glsa-200911-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1694.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/37231
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=126566824131534&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://securitytracker.com/id?1023132
vdb-entry
x_refsource_SECTRACK
x_transferred
http://marc.info/?l=bugtraq&m=131593453929393&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.vupen.com/english/advisories/2009/3131
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/37581
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
x_refsource_CONFIRM
x_transferred
http://java.sun.com/javase/6/webnotes/6u17.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/37841
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/37239
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/37386
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securityfocus.com/bid/36881
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://support.apple.com/kb/HT3970
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://support.apple.com/kb/HT3969
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-09-080/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200911-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1694.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/37231
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://securitytracker.com/id?1023132
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3131
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/37581
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://java.sun.com/javase/6/webnotes/6u17.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/37841
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/37239
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/37386
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Nov, 2009 | 16:30
Updated At:30 Oct, 2018 | 16:25

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.5.0
cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.5.0
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 Resolution CR 6854303, 6862970, 6872357, 6872358, and 6862969 are addressed in the following releases: Java SE for Windows, Solaris, and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later Java SE for Solaris: * SDK and JRE 1.4.2_24 or later Java SE for Windows: * SDK and JRE 1.3.1_27 or later Java SE for Business for Windows, Solaris and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later * SDK and JRE 1.4.2_24 or later The issues described in CR 6874643 and 6862968 are addressed in the following releases: Java SE for Windows, Solaris, and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later Java SE for Solaris: * SDK and JRE 1.4.2_24 or later Java SE for Business for Windows, Solaris and Linux: * JDK and JRE 6 Update 17 or later * JDK and JRE 5.0 Update 22 or later * SDK and JRE 1.4.2_24 or later Java SE releases are available at: JDK and JRE 6 Update 17: * http://java.sun.com/javase/downloads/index.jsp JRE 6 Update 17: * http://java.com/ * Through the Java Update tool for Microsoft Windows users JDK 6 Update 17 for Solaris is available in the following patches: * Java SE 6: update 17 (as delivered in patch 125136-18) * Java SE 6: update 17 (as delivered in patch 125137-18 (64bit)) * Java SE 6_x86: update 17 (as delivered in patch 125138-18) * Java SE 6_x86: update 17 (as delivered in patch 125139-18 (64bit)) JDK and JRE 5.0 Update 22: * http://java.sun.com/javase/downloads/index_jdk5.jsp JDK 5.0 Update 22 for Solaris is available in the following patches: * J2SE 5.0: update 22 (as delivered in patch 118666-24) * J2SE 5.0: update 22 (as delivered in patch 118667-24 (64bit)) * J2SE 5.0_x86: update 22 (as delivered in patch 118668-24) * J2SE 5.0_x86: update 22 (as delivered in patch 118669-24 (64bit)) Java SE for Business releases are available at: * http://www.sun.com/software/javaseforbusiness/getit_download.jsp

Vendor Statements
References
HyperlinkSourceResource
http://java.sun.com/javase/6/webnotes/6u17.htmlcve@mitre.org
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=126566824131534&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=131593453929393&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=134254866602253&w=2cve@mitre.org
N/A
http://secunia.com/advisories/37231cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/37239cve@mitre.org
N/A
http://secunia.com/advisories/37386cve@mitre.org
N/A
http://secunia.com/advisories/37581cve@mitre.org
N/A
http://secunia.com/advisories/37841cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200911-02.xmlcve@mitre.org
N/A
http://securitytracker.com/id?1023132cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1cve@mitre.org
Patch
Vendor Advisory
http://support.apple.com/kb/HT3969cve@mitre.org
N/A
http://support.apple.com/kb/HT3970cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2009-1694.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/36881cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/3131cve@mitre.org
Patch
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-09-080/cve@mitre.org
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603cve@mitre.org
N/A
Hyperlink: http://java.sun.com/javase/6/webnotes/6u17.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=126566824131534&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=131593453929393&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37231
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/37239
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37386
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37581
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37841
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200911-02.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023132
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3969
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3970
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1694.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/36881
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3131
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-09-080/
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11566
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12057
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7442
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8603
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3580Records found
CVE-2009-3872
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-13.02% / 93.82%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Microsoft Corporation
Product-solarisjrejava_sewindowsjdksdkn/a
CVE-2009-3674
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.04% / 98.25%
||
7 Day CHG~0.00%
Published-09 Dec, 2009 | 18:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_7windows_server_2003windows_2000n/a
CWE ID-CWE-399
Not Available
CVE-2021-34439
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.38% / 79.51%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 1607Windows 10 Version 1507Windows Server 2016 (Server Core installation)Windows Server 2016
CVE-2009-3866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.66% / 90.01%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CWE ID-CWE-264
Not Available
CVE-2016-4246
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.61% / 87.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4245.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-3869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-78.48% / 98.99%
||
7 Day CHG~0.00%
Published-05 Nov, 2009 | 16:00
Updated-07 Aug, 2024 | 06:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Microsoft Corporation
Product-solarisjrejava_sewindowsjdksdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1120
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-34.67% / 96.87%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:11
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2009-2512
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-48.71% / 97.67%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-21 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-4166
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.19% / 83.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-3282
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_apps_serverword_for_macoffice_web_appsoffice_online_serverword_vieweroffice_compatibility_packsharepoint_serverword_rtofficewordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1117
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-40.08% / 97.23%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:11
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2016-3365
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-21.70% / 95.52%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_online_serveroffice_compatibility_packexcelexcel_viewersharepoint_designern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2531
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-42.15% / 97.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_7windows_server_2003windows_2000n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2514
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-81.82% / 99.15%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_2000windows_2003_serverwindows_xpwindows_server_2008n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2496
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.26% / 98.26%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 17:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_web_componentsvisual_studio_.netinternet_security_and_acceleration_serverbiztalk_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1057
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.43% / 88.62%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MS XML Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2009-2529
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-26.34% / 96.11%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-21 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_7windows_server_2003windows_2000n/aie
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-34448
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.06% / 83.19%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Scripting Engine Memory Corruption Vulnerability

Scripting Engine Memory Corruption Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_2004windows_10_1809windows_10_1909windows_7windows_10_21h1windows_10_20h2windows_10_1607windows_8.1windows_rt_8.1windows_10_1507windows_server_2019windows_server_2008windows_server_2016Windows 10 Version 1809Windows Server 2016Windows 10 Version 1507Windows 10 Version 1607Windows 7Windows 7 Service Pack 1Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2019Windows 10 Version 1909Windows Server 2012 R2Windows 8.1Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-2497
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-34.90% / 96.89%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_server_2008windows_xpwindows_7windows_server_2003.net_frameworkwindows_2000n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2528
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.23% / 97.41%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerreport_viewerforefront_client_securityvisual_studio_.netexpression_webwindows_xpoffice_grooveoffice_compatibility_packoffice_excel_viewer.net_frameworkwindows_2000sql_servervisual_foxprooffice_word_viewervisiowindows_vistaword_viewervisual_studioofficewindows_2003_serveroffice_powerpoint_viewerexcel_viewerworkssql_server_reporting_servicesplatform_sdkwindows_server_2008projectn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-1121
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-34.67% / 96.87%
||
7 Day CHG~0.00%
Published-29 Jul, 2019 | 14:11
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2009-2530
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-42.15% / 97.35%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_7windows_server_2003windows_2000n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2519
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-37.43% / 97.07%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2507
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-46.10% / 97.56%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_2000n/a
CVE-2016-3265
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.11% / 95.97%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3269.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4186
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.09% / 88.12%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33740
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.30% / 78.90%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:53
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Remote Code Execution Vulnerability

Windows Media Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1507Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2019
CVE-2016-3338
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2493
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-47.80% / 97.63%
||
7 Day CHG~0.00%
Published-29 Jul, 2009 | 17:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_c\+\+windows_vistawindows_server_2008visual_studiowindows_2003_serverwindows_xpwindows_2000n/a
CWE ID-CWE-264
Not Available
CVE-2016-4142
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.70% / 87.49%
||
7 Day CHG+1.52%
Published-16 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Action-Not Available
Vendor-n/aAdobe Inc.openSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCApple Inc.Microsoft Corporation
Product-chrome_osenterprise_linux_serverlinux_kernelmacoslinux_enterprise_desktopwindows_8.1windows_10flash_playeropensuseflash_player_desktop_runtimeenterprise_linux_desktopwindows_rt_8.1windowsenterprise_linux_workstationlinux_enterprise_workstation_extensionwindows_server_2012n/a
CVE-2019-0845
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.10% / 95.58%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2016-3283
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0728
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-11.57% / 93.38%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CVE-2009-2139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-23.77% / 95.79%
||
7 Day CHG~0.00%
Published-08 Sep, 2009 | 23:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-openoffice.orgn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0945
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.72% / 93.44%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 17:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windows_vistasafariwindows_xpmac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-0822
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-25.64% / 96.03%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeMicrosoft OfficeOffice 365 ProPlus
CVE-2019-0909
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.19% / 91.22%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CVE-2021-31956
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-87.88% / 99.44%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Windows NTFS Elevation of Privilege Vulnerability

Windows NTFS Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_20h2windows_10_21h1windows_10_1909windows_server_2016windows_server_2019windows_server_2008windows_10_20h2windows_server_2004windows_server_2012windows_10_1607windows_10windows_10_2004windows_rt_8.1windows_10_1507windows_8.1windows_7windows_10_1809Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2019Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 2004Windows 10 Version 21H1Windows Server version 2004Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-0905
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.11% / 92.81%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CVE-2016-3203
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-49.16% / 97.70%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2012windows_8.1edgewindows_10n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3303
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-49.40% / 97.71%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-live_meetingwindows_7windows_server_2008word_viewerlyncskype_for_businesswindows_vistaofficen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3214
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.46% / 95.33%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0675
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.34% / 96.62%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office
CVE-2016-3333
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0847
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-25.48% / 96.01%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:18
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2009-1044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.12% / 92.35%
||
7 Day CHG~0.00%
Published-23 Mar, 2009 | 14:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-firefoxwindows_7n/a
CWE ID-CWE-399
Not Available
CVE-2009-1538
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-64.49% / 98.38%
||
7 Day CHG~0.00%
Published-15 Jul, 2009 | 15:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-directxwindows_xpwindows_2000windows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1128
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-59.15% / 98.16%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 22:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpointn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1537
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-65.80% / 98.44%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 18:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_server_2003directxwindows_2000n/a
CVE-2009-1529
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-57.31% / 98.06%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 18:00
Updated-21 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_server_2008windows_xpwindows_server_2003windows_2000n/aie
CWE ID-CWE-908
Use of Uninitialized Resource
CWE ID-CWE-399
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 71
  • 72
  • Next
Details not found