Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-36068

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-01 Sep, 2021 | 14:34
Updated At-23 Apr, 2025 | 19:31
Rejected At-
Credits

Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:01 Sep, 2021 | 14:34
Updated At:23 Apr, 2025 | 19:31
Rejected At:
▼CVE Numbering Authority (CNA)
Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Affected Products
Vendor
Adobe Inc.Adobe
Product
Bridge
Versions
Affected
  • From unspecified through 11.1 (custom)
  • From unspecified through None (custom)
Problem Types
TypeCWE IDDescription
CWECWE-788Access of Memory Location After End of Buffer (CWE-788)
Type: CWE
CWE ID: CWE-788
Description: Access of Memory Location After End of Buffer (CWE-788)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/bridge/apsb21-69.html
x_refsource_MISC
Hyperlink: https://helpx.adobe.com/security/products/bridge/apsb21-69.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/bridge/apsb21-69.html
x_refsource_MISC
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/bridge/apsb21-69.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:01 Sep, 2021 | 15:15
Updated At:09 Sep, 2021 | 13:55

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Adobe Inc.
adobe
>>bridge>>Versions up to 11.1(inclusive)
cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE-788Secondarypsirt@adobe.com
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-788
Type: Secondary
Source: psirt@adobe.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/bridge/apsb21-69.htmlpsirt@adobe.com
Patch
Vendor Advisory
Hyperlink: https://helpx.adobe.com/security/products/bridge/apsb21-69.html
Source: psirt@adobe.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8824Records found
CVE-2013-5051
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-22.76% / 95.67%
||
7 Day CHG~0.00%
Published-11 Dec, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3038
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.69% / 81.48%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3017
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.98% / 85.99%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2942
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.64% / 92.07%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2941
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-9.33% / 92.44%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3016
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.26% / 91.88%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2954
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-4.74% / 88.99%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1276
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.69% / 98.03%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel spreadsheet, related to improper validation of record information, aka "Excel Buffer Overrun Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43022
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush PNG File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3121
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.26% / 91.88%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3039
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.52% / 84.80%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3004
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.56% / 92.03%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-windowsphotoshop_ccAdobe Photoshop CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2948
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.20% / 91.85%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2945
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-8.44% / 91.97%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43028
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-2963
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-11 Jan, 2017 | 04:40
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43015
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.99% / 75.93%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:32
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InCopy GIF File Parsing Memory Corruption Arbitrary Code Execution

Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-incopywindowsmacosInCopy
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3025
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.53% / 84.85%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43029
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3117
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-29.15% / 96.41%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-3041
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.90% / 85.81%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.Microsoft Corporation
Product-acrobatmac_os_xacrobat_dcreaderacrobat_reader_dcwindowsAdobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42730
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption could lead to Arbitrary code execution

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42737
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.81% / 87.64%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:23
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42724
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption could lead to Arbitrary code execution

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42267
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.95% / 75.42%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:40
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution

Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43025
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush SVG File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42729
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-5.08% / 89.39%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption could lead to Arbitrary code execution

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsbridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3886
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.55% / 95.91%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42526
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements WAV file memory corruption vulnerability could lead to arbitrary code execution

Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-premiere_elementswindowsmacosPremiere Elements
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1274
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-50.12% / 97.74%
||
7 Day CHG~0.00%
Published-16 Jun, 2011 | 20:21
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds Array Access Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexcel_viewerexcelopen_xml_file_format_converteroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42738
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 15:25
Updated-23 Apr, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Prelude MXF File Parsing Memory Corruption Arbitrary Code Execution

Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspreludePrelude
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42732
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.18%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:57
Updated-16 Sep, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign crashes when parsing the GIF file

Access of Memory Location After End of Buffer (CWE-788)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsindesignmacosInDesign
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-43026
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.80% / 82.05%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush MXF File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere Rush
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42725
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-11.31% / 93.26%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 21:14
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge Memory Corruption could lead to Arbitrary code execution

Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.
Product-bridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-43023
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-2.85% / 85.69%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-23 Apr, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Rush EPS/TIFF File Memory Corruption Remote Code Execution

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowspremiere_rushPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-3863
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-45.91% / 97.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3891
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.42% / 97.84%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3890
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.42% / 97.84%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-excelexcel_vieweroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5579
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.88% / 98.14%
||
7 Day CHG~0.00%
Published-12 Dec, 2006 | 20:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_server_2003n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3856
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.85% / 97.86%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordword_viewern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3852
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.85% / 97.86%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordword_vieweroffice_compatibility_packn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3882
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-24.55% / 95.91%
||
7 Day CHG~0.00%
Published-09 Oct, 2013 | 14:44
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40754
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.73% / 81.65%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:19
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3853
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-52.85% / 97.86%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3854.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40765
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Character Animator Memory Corruption could lead to Arbitrary code execution

Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowscharacter_animatormacosCharacter Animator (Preview 4)
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40702
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 15:42
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements psd Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-premiere_elementswindowsmacosPremiere
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40738
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.57%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition WAV file Memory corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3916
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-23.86% / 95.79%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40735
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.83% / 87.68%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition Memory Corruption could lead to Arbitrary code execution

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40755
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.88% / 74.43%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:20
Updated-23 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects SGI File Parsing Memory Corruption Arbitrary Code Execution

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 176
  • 177
  • Next
Details not found