Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0586

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-10 Feb, 2011 | 17:00
Updated At-06 Aug, 2024 | 21:58
Rejected At-
Credits

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:10 Feb, 2011 | 17:00
Updated At:06 Aug, 2024 | 21:58
Rejected At:
▼CVE Numbering Authority (CNA)

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/0492
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/43470
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/46214
vdb-entry
x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2011-0301.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2011/0337
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1025033
vdb-entry
x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
vdb-entry
signature
x_refsource_OVAL
http://www.adobe.com/support/security/bulletins/apsb11-03.html
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2011/0492
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/43470
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/46214
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0301.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.vupen.com/english/advisories/2011/0337
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1025033
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb11-03.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/0492
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/43470
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/46214
vdb-entry
x_refsource_BID
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-0301.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.vupen.com/english/advisories/2011/0337
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1025033
vdb-entry
x_refsource_SECTRACK
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.adobe.com/support/security/bulletins/apsb11-03.html
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0492
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/43470
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46214
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0301.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0337
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025033
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb11-03.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:10 Feb, 2011 | 18:00
Updated At:11 Apr, 2025 | 00:51

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>acrobat_reader>>8.0
cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1
cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.1
cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.2
cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.4
cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.5
cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.6
cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.1.7
cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.2
cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.2.1
cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.2.2
cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.2.3
cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>8.2.4
cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.0
cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.1
cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.1.1
cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.1.2
cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.1.3
cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.2
cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3
cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3.1
cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3.2
cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3.3
cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.3.4
cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.4
cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>9.4.1
cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>10.0
cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.0
cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1
cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.1
cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.2
cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.3
cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.4
cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.5
cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.6
cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.1.7
cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.2
cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.2.1
cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.2.2
cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.2.3
cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>8.2.4
cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.0
cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.1
cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.1.1
cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.1.2
cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.1.3
cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.2
cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>9.3
cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/43470psirt@adobe.com
N/A
http://www.adobe.com/support/security/bulletins/apsb11-03.htmlpsirt@adobe.com
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0301.htmlpsirt@adobe.com
N/A
http://www.securityfocus.com/bid/46214psirt@adobe.com
N/A
http://www.securitytracker.com/id?1025033psirt@adobe.com
N/A
http://www.vupen.com/english/advisories/2011/0337psirt@adobe.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0492psirt@adobe.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65291psirt@adobe.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535psirt@adobe.com
N/A
http://secunia.com/advisories/43470af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.adobe.com/support/security/bulletins/apsb11-03.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0301.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46214af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025033af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0337af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0492af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/65291af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/43470
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb11-03.html
Source: psirt@adobe.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0301.html
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46214
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025033
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0337
Source: psirt@adobe.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0492
Source: psirt@adobe.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
Source: psirt@adobe.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
Source: psirt@adobe.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/43470
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb11-03.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-0301.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46214
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0337
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0492
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/65291
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12535
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6219Records found
CVE-2010-4196
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-13.25% / 93.89%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1269
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-49.50% / 97.72%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converteroffice_compatibility_packofficepowerpointn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3620
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.56% / 88.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3236
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.27% / 98.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3231
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.73% / 98.23%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3629
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.96% / 90.30%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3235
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.27% / 98.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3233
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-63.01% / 98.32%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3626
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-3.41% / 86.97%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3237
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.27% / 98.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3242
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.20% / 98.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3240
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.27% / 98.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packexcelexcel_viewern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3624
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-22.53% / 95.63%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2877
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-13.67% / 94.00%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2873
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-11.05% / 93.17%
||
7 Day CHG~0.00%
Published-26 Aug, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2738
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-25.68% / 96.03%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officewindows_xpwindows_server_2008windows_server_2003windows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-2571
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.04% / 98.25%
||
7 Day CHG~0.00%
Published-16 Dec, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8265
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-18.02% / 94.91%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8414
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-88.51% / 99.47%
||
7 Day CHG~0.00%
Published-15 Aug, 2018 | 17:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1703windows_10_1803windows_server_1709windows_server_1803windows_10_1709Windows 10Windows 10 ServersWindows
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8115
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.6||HIGH
EPSS-7.04% / 91.12%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 19:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_host_compute_service_shimWindows Host Compute
CWE ID-CWE-20
Improper Input Validation
CVE-2018-8176
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-30.90% / 96.58%
||
7 Day CHG~0.00%
Published-23 May, 2018 | 13:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_for_macMicrosoft Office
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3893
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.01%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:49
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1248
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-82.92% / 99.20%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_server_2008n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0979
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-66.75% / 98.48%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21069
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.62% / 68.99%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 18:11
Updated-23 Apr, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Creative Cloud Privilege Escalation Vulnerability

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-creative_cloud_desktop_applicationwindowsmacosCreative Cloud (desktop component)
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0623
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.61% / 88.84%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0624
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.61% / 88.84%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0660
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-48.91% / 97.69%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0594
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-9.93% / 92.73%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4698
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-25 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0027
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.91% / 98.68%
||
7 Day CHG~0.00%
Published-12 Jan, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_data_access_componentswindows_server_2003windows_2003_serverwindows_vistadata_access_componentsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0655
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-66.25% / 98.46%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-powerpoint_web_appofficeoffice_powerpoint_viewerpowerpoint_viewerpowerpointopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0625
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.61% / 88.84%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0599
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-12.48% / 93.66%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0591
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0592
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.42% / 88.60%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0215
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.34% / 84.23%
||
7 Day CHG-0.69%
Published-21 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7imageiowindows_xpwindows_vistasafarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0626
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.61% / 88.84%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0595
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-12.04% / 93.53%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-0042
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-57.02% / 98.05%
||
7 Day CHG~0.00%
Published-09 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xp_media_centerwindows_xpwindows_vistawindows_media_center_tv_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4384
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.95% / 82.71%
||
7 Day CHG~0.00%
Published-14 Dec, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file.

Action-Not Available
Vendor-n/aRealNetworks LLCApple Inc.Linux Kernel Organization, Inc
Product-linux_kernelrealplayermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4195
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-13.25% / 93.89%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-shockwave_playern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3958
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.40% / 98.06%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3234
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.81% / 98.14%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3232
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.20% / 98.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3239
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.68% / 98.13%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3241
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.90% / 97.78%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3238
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.27% / 98.02%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3631
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-27.22% / 96.21%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3627
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.56% / 88.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 124
  • 125
  • Next
Details not found