Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-7184

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Nov, 2016 | 06:16
Updated At-06 Aug, 2024 | 01:50
Rejected At-
Credits

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Nov, 2016 | 06:16
Updated At:06 Aug, 2024 | 01:50
Rejected At:
▼CVE Numbering Authority (CNA)

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1037252
vdb-entry
x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
vendor-advisory
x_refsource_MS
http://www.securityfocus.com/bid/94015
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1037252
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
Resource:
vendor-advisory
x_refsource_MS
Hyperlink: http://www.securityfocus.com/bid/94015
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1037252
vdb-entry
x_refsource_SECTRACK
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
vendor-advisory
x_refsource_MS
x_transferred
http://www.securityfocus.com/bid/94015
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037252
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: http://www.securityfocus.com/bid/94015
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Nov, 2016 | 06:59
Updated At:12 Apr, 2025 | 10:46

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Microsoft Corporation
microsoft
>>windows_10>>-
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_10>>1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_8.1>>*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_rt_8.1>>*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>r2
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>-
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2012>>r2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2016>>-
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/94015secure@microsoft.com
N/A
http://www.securitytracker.com/id/1037252secure@microsoft.com
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134secure@microsoft.com
N/A
http://www.securityfocus.com/bid/94015af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1037252af854a3a-2127-422b-91ae-364da2661108
N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.securityfocus.com/bid/94015
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037252
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/94015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1037252
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7337Records found
CVE-2016-3259
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-27.13% / 96.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3248.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15285
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.06%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:35
Updated-13 Nov, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft Corporation
Product-windowswebex_meetings_serverwebex_meetingswebex_meetings_onlineCisco WebEx WRF Player
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-15284
Matching Score-10
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-10
Assigner-Cisco Systems, Inc.
CVSS Score-7.8||HIGH
EPSS-0.47% / 63.66%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:12
Updated-20 Nov, 2024 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Action-Not Available
Vendor-Cisco Systems, Inc.Microsoft Corporation
Product-windowswebex_business_suitewebex_meetings_serverwebex_meetings_onlineCisco WebEx WRF Player
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1441
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.62% / 95.36%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2008WindowsWindows Server
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-1145
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-31.87% / 96.66%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3356
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-20.51% / 95.34%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 allows remote attackers to execute arbitrary code via a crafted document, aka "GDI Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3318
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3367
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-24.25% / 95.87%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-silverlightn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3282
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, SharePoint Server 2016, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_apps_serverword_for_macoffice_web_appsoffice_online_serverword_vieweroffice_compatibility_packsharepoint_serverword_rtofficewordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3365
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-21.70% / 95.52%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3362.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_online_serveroffice_compatibility_packexcelexcel_viewersharepoint_designern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3265
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-25.11% / 95.97%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3269.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3338
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3283
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3214
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.46% / 95.33%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3333
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3335
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3332
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.18% / 91.22%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3359
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-19.79% / 95.23%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelexcel_vieweroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1987
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.63% / 98.13%
||
7 Day CHG~0.00%
Published-15 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3210
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.58% / 95.64%
||
7 Day CHG-3.01%
Published-16 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2496
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.26% / 98.26%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 17:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_web_componentsvisual_studio_.netinternet_security_and_acceleration_serverbiztalk_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3281
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-41.94% / 97.34%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_for_macoffice_web_appssharepoint_serverword_rtofficewordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4837
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.94% / 98.68%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_word_vieweroffice_wordopen_xml_file_format_converterofficeoffice_outlookworksoffice_systemoffice_compatibility_pack_for_word_excel_ppt_2007n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3364
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-22.66% / 95.65%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-vision/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3284
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-31.60% / 96.64%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_compatibility_packexcelexcel_rtexcel_viewerexcel_for_macn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3358
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-28.59% / 96.36%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Automation Services on SharePoint Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_online_serveroffice_compatibility_packexcelexcel_for_macexcel_viewersharepoint_designern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3316
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-47.00% / 97.59%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_for_macwordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3342
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-13.85% / 94.05%
||
7 Day CHG~0.00%
Published-10 Nov, 2016 | 06:16
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2016windows_7windows_server_2008windows_rt_8.1windows_vistawindows_server_2012windows_8.1windows_10n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3357
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-29.43% / 96.44%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_web_apps_serverword_for_macoffice_web_appsword_viewerofficesharepoint_foundationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3278
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-25.85% / 96.05%
||
7 Day CHG~0.00%
Published-13 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-outlook_rtoutlookn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4025
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-65.69% / 98.43%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_word_vieweroffice_wordopen_xml_file_format_converterofficeoffice_outlookworksoffice_systemoffice_compatibility_pack_for_word_excel_ppt_2007n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4922
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-67.09% / 98.49%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 20:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties.

Action-Not Available
Vendor-djvun/aMicrosoft Corporation
Product-activex_control_for_microsoft_office_2000officen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4255
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-53.44% / 97.89%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_studio_.netvisual_basicoffice_frontpagevisual_foxproprojectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4473
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-20.95% / 95.42%
||
7 Day CHG~0.00%
Published-17 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-windowsflash_playern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4028
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-69.89% / 98.61%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_word_vieweroffice_wordopen_xml_file_format_converterofficeoffice_outlookworksoffice_systemoffice_compatibility_pack_for_word_excel_ppt_2007n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-8464
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-82.37% / 99.18%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3313
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-47.00% / 97.59%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-word_for_macword_viewerofficen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1131
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-69.66% / 98.60%
||
7 Day CHG~0.00%
Published-12 May, 2009 | 22:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_powerpointn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2730
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-7.99% / 91.75%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_servicesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3012
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-70.69% / 98.63%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 15:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerforefront_client_securityreport_viewerwindows-ntwindows_xpdigital_image_suitesql_servervisiowindows_vistaofficeoffice_powerpoint_viewerworksoffice_systemwindowssql_server_reporting_servicesservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3465
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-41.37% / 97.31%
||
7 Day CHG~0.00%
Published-10 Dec, 2008 | 13:33
Updated-17 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_vistawindows_xpwindows_server_2008windows_2000windows_server_2003n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2207
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-12.52% / 93.68%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1784
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.92% / 89.21%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3014
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-71.55% / 98.67%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 15:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visiointernet_explorerwindows_vistaofficeforefront_client_securityreport_vieweroffice_powerpoint_viewerwindows-ntwindows_xpworkssql_server_reporting_servicesdigital_image_suiteserversql_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1785
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-7.56% / 91.46%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1774
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-5.92% / 90.27%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3704
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-87.47% / 99.42%
||
7 Day CHG+5.70%
Published-18 Aug, 2008 | 19:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_studio_.netvisual_foxprovisual_basicvisual_studion/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1534
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-75.43% / 98.84%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeoffice_web_componentsvisual_studio_.netisa_serverbiztalk_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-1295
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-12.52% / 93.68%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2427
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-36.67% / 97.01%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

Action-Not Available
Vendor-pagesperso-orangen/aRed Hat, Inc.FreeBSD FoundationMicrosoft Corporation
Product-freebsdgfl_sdkxnviewlinuxnconvertwindows_ntn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 146
  • 147
  • Next
Details not found