Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-36014

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-09 Nov, 2023 | 23:28
Updated At-29 Apr, 2025 | 23:34
Rejected At-
Credits

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:09 Nov, 2023 | 23:28
Updated At:29 Apr, 2025 | 23:34
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Edge (Chromium-based)
Platforms
  • Unknown
Versions
Affected
  • From 1.0.0 before 119.0.2151.58 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Nov, 2023 | 00:15
Updated At:28 Feb, 2025 | 21:15

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CPE Matches
Microsoft Corporation
microsoft
>>edge_chromium>>Versions before 119.0.2151.58(exclusive)
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014secure@microsoft.com
Patch
Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36014
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

480Records found
CVE-2021-31949
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.58% / 67.87%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-28 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoutlookMicrosoft 365 Apps for EnterpriseMicrosoft Outlook 2013 Service Pack 1Microsoft Office 2019Microsoft Outlook 2016
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-36034
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.63% / 69.27%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 00:22
Updated-29 Apr, 2025 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based) Extended StableMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2023-36762
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.04%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-27 Feb, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficewordsharepoint_server365_appsMicrosoft Office 2019 for MacMicrosoft Office 2019Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Word 2016Microsoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2021
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1265
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.17%
||
7 Day CHG~0.00%
Published-13 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."

Action-Not Available
Vendor-bluetoothn/aMicrosoft Corporation
Product-windows_7bluetooth_stackwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-22117
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.00%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 12:47
Updated-02 Apr, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Broadcom Inc.Microsoft Corporation
Product-rabbitmq_serverwindowsRabbitMQ
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-1508
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-28.10% / 96.30%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-0093
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-44.03% / 97.45%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-vision/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-0028
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.16% / 97.93%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4588
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-73.59% / 98.76%
||
7 Day CHG~0.00%
Published-23 Dec, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973, possibly an untrusted pointer dereference.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wmi_administrative_toolsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-34714
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.03% / 76.41%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 19:55
Updated-29 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_7windows_server_2022windows_server_2019windows_10windows_11windows_server_2008windows_server_2012windows_8.1windows_server_2016windows_rt_8.1Windows Server 2019 (Server Core installation)Windows 7 Service Pack 1Windows Server 2019Windows Server version 20H2Windows Server 2012 R2Windows 7Windows 10 Version 1507Windows Server 2008 Service Pack 2Windows 10 Version 21H1Windows 10 Version 21H2Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1607Windows 8.1Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2012Windows 10 Version 1809Windows 10 Version 20H2Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4368
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.79%
||
7 Day CHG~0.00%
Published-02 Dec, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

Action-Not Available
Vendor-awstatsn/aMicrosoft Corporation
Product-awstatswindowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3809
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-2.35% / 84.27%
||
7 Day CHG~0.00%
Published-20 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3219
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.56% / 98.03%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3331
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3973
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-78.18% / 98.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wmi_administrative_toolsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2996
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.25% / 92.41%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.

Action-Not Available
Vendor-n/aRealNetworks LLCMicrosoft Corporation
Product-windowsrealplayern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3216
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3228
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-55.12% / 97.97%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7windows_xpwindows_server_2008windows_server_2003windows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3218
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.72% / 98.14%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-3221
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.35% / 97.94%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficeword_viewern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2217
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-5.97% / 90.31%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelflash_media_serverflash_media_server_2windowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2561
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.29% / 98.26%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-xml_core_servicesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2205
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-10.42% / 92.93%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2553
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-74.68% / 98.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2748
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.35% / 97.94%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2750
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.06%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-wordofficen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2564
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-54.84% / 97.95%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_movie_makern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2563
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-33.03% / 96.75%
||
7 Day CHG~0.00%
Published-15 Sep, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2003windows_xpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2208
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-10.82% / 93.08%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.Adobe Inc.
Product-windowsacrobat_readeracrobatmac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2562
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.15% / 98.02%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2569
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.93% / 98.24%
||
7 Day CHG~0.00%
Published-16 Dec, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-publishern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1901
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-47.91% / 97.64%
||
7 Day CHG~0.00%
Published-11 Aug, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeopen_xml_file_format_converterwordoffice_compatibility_packoffice_word_viewern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1770
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-11.73% / 93.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Action-Not Available
Vendor-n/aMicrosoft CorporationSUSECanonical Ltd.Google LLCopenSUSEApple Inc.
Product-ubuntu_linuxopensusesuse_linux_enterprise_desktopwindows_7suse_linux_enterprise_serverwebkitwindows_xpwindows_vistachromesafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1880
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.06%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2003_serverwindows_xpwindows_server_2008windows_2000directxwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1263
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-47.97% / 97.64%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1262
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-60.98% / 98.24%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2000windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1260
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-50.16% / 97.75%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2003_serverwindows_vistainternet_explorern/aie
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1246
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.40% / 98.26%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1881
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-56.15% / 98.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2010 | 18:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeaccessn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1256
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-33.55% / 96.79%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverwindows_7windows_server_2008windows_2003_serverwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1245
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.40% / 98.26%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1250
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.41% / 98.30%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1251
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-57.32% / 98.06%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1248
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-62.25% / 98.30%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1261
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.33% / 98.12%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1415
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-34.32% / 96.85%
||
7 Day CHG~0.00%
Published-11 Jun, 2010 | 17:28
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1247
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-61.40% / 98.26%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1249
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-64.89% / 98.40%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-open_xml_file_format_converterofficeexceln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1255
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2000windows_2003_serverwindows_vistan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-1259
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.3||HIGH
EPSS-58.33% / 98.12%
||
7 Day CHG~0.00%
Published-08 Jun, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_2000windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found