Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-1770

Summary
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
Published At-11 Jun, 2010 | 19:00
Updated At-07 Aug, 2024 | 01:35
Rejected At-
Credits

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apple
Assigner Org ID:286789f9-fbc2-4510-9f9a-43facdede74c
Published At:11 Jun, 2010 | 19:00
Updated At:07 Aug, 2024 | 01:35
Rejected At:
▼CVE Numbering Authority (CNA)

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
vendor-advisory
x_refsource_MANDRIVA
http://support.apple.com/kb/HT4220
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/2722
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
vendor-advisory
x_refsource_APPLE
http://zerodayinitiative.com/advisories/ZDI-10-093/
x_refsource_MISC
http://support.apple.com/kb/HT4334
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1006-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/41856
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/40072
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/40196
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/40105
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1373
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/42314
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1512
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/40620
vdb-entry
x_refsource_BID
http://code.google.com/p/chromium/issues/detail?id=43487
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0552
vdb-entry
x_refsource_VUPEN
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
http://securitytracker.com/id?1024067
vdb-entry
x_refsource_SECTRACK
http://support.apple.com/kb/HT4196
x_refsource_CONFIRM
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
vdb-entry
signature
x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://support.apple.com/kb/HT4220
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/2722
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-10-093/
Resource:
x_refsource_MISC
Hyperlink: http://support.apple.com/kb/HT4334
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-1006-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/41856
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/40072
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/40196
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/40105
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1373
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/42314
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/40620
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=43487
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0552
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://support.apple.com/kb/HT4456
Resource:
x_refsource_CONFIRM
Hyperlink: http://securitytracker.com/id?1024067
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://support.apple.com/kb/HT4196
Resource:
x_refsource_CONFIRM
Hyperlink: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://support.apple.com/kb/HT4220
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/2722
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://zerodayinitiative.com/advisories/ZDI-10-093/
x_refsource_MISC
x_transferred
http://support.apple.com/kb/HT4334
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-1006-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/41856
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/40072
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/40196
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/40105
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1373
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/42314
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1512
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/40620
vdb-entry
x_refsource_BID
x_transferred
http://code.google.com/p/chromium/issues/detail?id=43487
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0552
vdb-entry
x_refsource_VUPEN
x_transferred
http://support.apple.com/kb/HT4456
x_refsource_CONFIRM
x_transferred
http://securitytracker.com/id?1024067
vdb-entry
x_refsource_SECTRACK
x_transferred
http://support.apple.com/kb/HT4196
x_refsource_CONFIRM
x_transferred
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://support.apple.com/kb/HT4220
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2722
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-10-093/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.apple.com/kb/HT4334
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1006-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/41856
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/40072
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/40196
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/40105
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1373
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/42314
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/40620
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=43487
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0552
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://support.apple.com/kb/HT4456
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securitytracker.com/id?1024067
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://support.apple.com/kb/HT4196
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@apple.com
Published At:11 Jun, 2010 | 19:30
Updated At:29 Apr, 2026 | 01:13

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>safari>>Versions up to 4.0.5(inclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>webkit>>*
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.0
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.1
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.2
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.3
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.5
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.6
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.7
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.5.8
cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.0
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.1
cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.2
cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.6.3
cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.0
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.1
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.2
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.3
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.4
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.5
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.6
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.7
cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.5.8
cpe:2.3:o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.0
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.1
cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.2
cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.6.3
cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>Versions up to 4.0.5(inclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>webkit>>*
cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4
cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.0
cpe:2.3:o:apple:mac_os_x:10.4.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.1
cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.2
cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.3
cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.4
cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.5
cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.6
cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.7
cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.8
cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.9
cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.10
cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>10.4.11
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x_server>>10.4
cpe:2.3:o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://code.google.com/p/chromium/issues/detail?id=43487product-security@apple.com
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.htmlproduct-security@apple.com
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.htmlproduct-security@apple.com
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlproduct-security@apple.com
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.htmlproduct-security@apple.com
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.htmlproduct-security@apple.com
Mailing List
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlproduct-security@apple.com
Mailing List
Third Party Advisory
http://secunia.com/advisories/40072product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/40105product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/40196product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/41856product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/42314product-security@apple.com
Third Party Advisory
http://secunia.com/advisories/43068product-security@apple.com
Third Party Advisory
http://securitytracker.com/id?1024067product-security@apple.com
Third Party Advisory
VDB Entry
http://support.apple.com/kb/HT4196product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT4220product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT4334product-security@apple.com
Vendor Advisory
http://support.apple.com/kb/HT4456product-security@apple.com
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039product-security@apple.com
Third Party Advisory
http://www.securityfocus.com/bid/40620product-security@apple.com
Patch
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1006-1product-security@apple.com
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1373product-security@apple.com
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1512product-security@apple.com
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722product-security@apple.com
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212product-security@apple.com
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552product-security@apple.com
Permissions Required
Third Party Advisory
http://zerodayinitiative.com/advisories/ZDI-10-093/product-security@apple.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099product-security@apple.com
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=43487af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://secunia.com/advisories/40072af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/40105af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/40196af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/41856af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/42314af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/43068af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securitytracker.com/id?1024067af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://support.apple.com/kb/HT4196af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT4220af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT4334af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT4456af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/40620af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1006-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1373af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1512af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2722af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0552af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Third Party Advisory
http://zerodayinitiative.com/advisories/ZDI-10-093/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=43487
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Source: product-security@apple.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: product-security@apple.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
Source: product-security@apple.com
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Source: product-security@apple.com
Resource:
Mailing List
Patch
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: product-security@apple.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40072
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40105
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40196
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/41856
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42314
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43068
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://securitytracker.com/id?1024067
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://support.apple.com/kb/HT4196
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4220
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4334
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4456
Source: product-security@apple.com
Resource:
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/40620
Source: product-security@apple.com
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1006-1
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1373
Source: product-security@apple.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Source: product-security@apple.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2722
Source: product-security@apple.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: product-security@apple.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0552
Source: product-security@apple.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-10-093/
Source: product-security@apple.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
Source: product-security@apple.com
Resource:
Third Party Advisory
Hyperlink: http://code.google.com/p/chromium/issues/detail?id=43487
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40072
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40105
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/40196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/41856
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42314
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/43068
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://securitytracker.com/id?1024067
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://support.apple.com/kb/HT4196
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4220
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4334
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT4456
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/40620
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1006-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1373
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1512
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/2722
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0552
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://zerodayinitiative.com/advisories/ZDI-10-093/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

5713Records found
CVE-2006-1303
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.75% / 98.01%
||
7 Day CHG~0.00%
Published-13 Jun, 2006 | 19:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1316
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-40.18% / 97.45%
||
7 Day CHG~0.00%
Published-11 Jul, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1304
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.61% / 97.61%
||
7 Day CHG~0.00%
Published-13 Jul, 2006 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excel_viewerexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1318
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-18.94% / 95.48%
||
7 Day CHG~0.00%
Published-19 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1359
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-87.60% / 99.48%
||
7 Day CHG~0.00%
Published-23 Mar, 2006 | 00:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-1323
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.93% / 98.10%
||
7 Day CHG~0.00%
Published-15 May, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-1028
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-33.42% / 97.04%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2010office_web_appsofficeexcel_servicesword_automation_servicessharepoint_enterprise_serverMicrosoft OfficeWordExcelMicrosoft SharePointMicrosoft SharePoint Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-8759
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-93.95% / 99.89%
||
7 Day CHG-0.01%
Published-13 Sep, 2017 | 01:00
Updated-22 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_8.1windows_server_2008windows_10_1511windows_10_1607.net_frameworkwindows_10_1703windows_10_1507windows_server_2016windows_rt_8.1windows_server_2012Microsoft .NET Framework.NET Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1878
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.97% / 98.02%
||
7 Day CHG~0.00%
Published-12 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1524
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-51.86% / 97.97%
||
7 Day CHG~0.00%
Published-10 Jul, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_vistawindows_7windows_server_2008n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0002
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-87.38% / 99.48%
||
7 Day CHG~0.00%
Published-13 Mar, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0170
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.45% / 98.25%
||
7 Day CHG~0.00%
Published-10 Apr, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-0015
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.28% / 98.16%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xp.net_frameworkwindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1251
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.20%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-0036
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-49.30% / 97.86%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3808
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.15% / 84.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3218
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.72% / 98.26%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1881
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-43.23% / 97.60%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeaccessn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0020
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-50.99% / 97.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1435
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.69% / 97.92%
||
7 Day CHG~0.00%
Published-08 Jul, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows-ntn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0104
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-48.45% / 97.82%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officepublishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0116
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-74.38% / 98.87%
||
7 Day CHG~0.00%
Published-11 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_vieweroffice_compatibility_pack_for_word_excel_ppt_2007exceln/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0043
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.88% / 89.84%
||
7 Day CHG~0.00%
Published-08 Feb, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphoton/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0119
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.86% / 98.15%
||
7 Day CHG~0.00%
Published-13 May, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0115
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.92% / 98.77%
||
7 Day CHG~0.00%
Published-11 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_vieweroffice_compatibility_pack_for_word_excel_ppt_2007exceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1699
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-31.42% / 96.91%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1698.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1696
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.09% / 97.02%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1698
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.09% / 97.02%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, and CVE-2015-1699.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1675
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-31.42% / 96.91%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1695, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1697
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.09% / 97.02%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1695, CVE-2015-1696, CVE-2015-1698, and CVE-2015-1699.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1645
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-45.98% / 97.72%
||
7 Day CHG~0.00%
Published-14 Apr, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_7windows_server_2008windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1695
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-31.42% / 96.91%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-1061
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.41% / 90.37%
||
7 Day CHG~0.00%
Published-12 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1091
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-64.11% / 98.46%
||
7 Day CHG~0.00%
Published-13 May, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewerofficeoffice_compatibility_pack_for_word_excel_ppt_2007n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2525
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-30.31% / 96.81%
||
7 Day CHG~0.00%
Published-14 Oct, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_media_format_runtimewindows_vistawindows_xpwindows_2000windows_media_playerwindows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0225
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.71% / 98.13%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpointn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-2217
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-86.43% / 99.43%
||
7 Day CHG~0.00%
Published-09 Oct, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

Action-Not Available
Vendor-kodakn/aMicrosoft Corporation
Product-image_viewerwindows_2000windows_2003_serverwindows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-0090
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-23.73% / 96.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0091, CVE-2015-0092, and CVE-2015-0093.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-0091
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-23.73% / 96.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0092, and CVE-2015-0093.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-0092
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-23.73% / 96.13%
||
7 Day CHG~0.00%
Published-11 Mar, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012windows_server_2003n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-3400
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-84.37% / 99.34%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4294
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.07% / 90.98%
||
7 Day CHG~0.00%
Published-06 Dec, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.

Action-Not Available
Vendor-n/aMicrosoft CorporationVMware (Broadcom Inc.)
Product-playermovie_decoderwindowsworkstationservern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1900
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-41.41% / 97.50%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-worksoffice_compatibility_packopen_xml_file_format_converterofficeoffice_word_viewerwordn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0263
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.85% / 98.09%
||
7 Day CHG~0.00%
Published-10 Mar, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka "Microsoft Office Excel XLSX File Parsing Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_excel_viewerexceloffice_compatibility_packoffice_sharepoint_serveropen_xml_file_format_converterofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1176
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.73% / 93.88%
||
7 Day CHG~0.00%
Published-29 Mar, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-1157
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-4.22% / 89.04%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-1057
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-4.43% / 89.32%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MS XML Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system. The update addresses the vulnerability by correcting how the MSXML parser processes user input.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3134
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-51.24% / 97.95%
||
7 Day CHG~0.00%
Published-11 Nov, 2009 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-compatibility_pack_word_excel_powerpointexcel_viewerexcelopen_xml_file_format_converterofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-9949
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-9.81% / 93.16%
||
7 Day CHG~0.00%
Published-17 Dec, 2016 | 03:34
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

Action-Not Available
Vendor-apport_projectn/aCanonical Ltd.
Product-ubuntu_linuxapportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0223
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.48% / 98.32%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpointn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 114
  • 115
  • Next
Details not found