| Max CVSS | 10.0 | Min CVSS | 1.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-0810 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulner
|
21-10-2024 - 17:35 | 11-09-2013 - 14:03 | |
| CVE-2012-1539 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
|
21-10-2024 - 17:35 | 14-11-2012 - 00:55 | |
| CVE-2012-1867 | 7.2 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a
|
17-10-2024 - 20:35 | 12-06-2012 - 22:55 | |
| CVE-2013-1292 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafte
|
17-10-2024 - 20:35 | 09-04-2013 - 22:55 | |
| CVE-2013-1278 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
17-10-2024 - 20:35 | 13-02-2013 - 12:04 | |
| CVE-2012-1891 | 9.3 |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object
|
17-10-2024 - 19:35 | 10-07-2012 - 21:55 | |
| CVE-2012-1879 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerabil
|
17-10-2024 - 19:35 | 12-06-2012 - 22:55 | |
| CVE-2013-1340 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
17-10-2024 - 19:35 | 10-07-2013 - 03:46 | |
| CVE-2013-0022 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
|
17-10-2024 - 19:35 | 13-02-2013 - 12:04 | |
| CVE-2012-4787 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref
|
17-10-2024 - 19:35 | 12-12-2012 - 00:55 | |
| CVE-2013-3888 | 7.2 |
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
|
17-10-2024 - 18:35 | 09-10-2013 - 14:53 | |
| CVE-2012-4792 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated
|
14-08-2024 - 15:02 | 30-12-2012 - 18:55 | |
| CVE-2012-1856 | 9.3 |
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1
|
16-07-2024 - 17:37 | 15-08-2012 - 01:55 | |
| CVE-2013-3897 | 9.3 |
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that us
|
16-07-2024 - 17:35 | 09-10-2013 - 14:54 | |
| CVE-2013-1347 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
|
16-07-2024 - 17:35 | 05-05-2013 - 11:07 | |
| CVE-2010-0188 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
16-07-2024 - 17:30 | 22-02-2010 - 13:00 | |
| CVE-2013-3660 | 6.9 |
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does
|
09-07-2024 - 18:25 | 24-05-2013 - 20:55 | |
| CVE-2012-2539 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RT
|
09-07-2024 - 18:23 | 12-12-2012 - 00:55 | |
| CVE-2013-2551 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSe
|
09-07-2024 - 18:22 | 11-03-2013 - 10:55 | |
| CVE-2013-3896 | 4.3 |
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability.
|
28-06-2024 - 17:26 | 09-10-2013 - 14:53 | |
| CVE-2013-0074 | 9.3 |
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Dou
|
28-06-2024 - 17:26 | 13-03-2013 - 00:55 | |
| CVE-2009-4324 | 9.3 |
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZL
|
28-06-2024 - 14:20 | 15-12-2009 - 02:30 | |
| CVE-2009-3953 | 10.0 |
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMe
|
28-06-2024 - 14:20 | 13-01-2010 - 19:30 | |
| CVE-2010-1297 | 9.3 |
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a den
|
28-06-2024 - 14:20 | 08-06-2010 - 18:30 | |
| CVE-2013-1331 | 9.3 |
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
|
28-06-2024 - 14:18 | 12-06-2013 - 03:29 | |
| CVE-2012-1889 | 9.3 |
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
28-06-2024 - 14:18 | 13-06-2012 - 04:46 | |
| CVE-2010-2883 | 9.3 |
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
|
28-06-2024 - 14:16 | 09-09-2010 - 22:00 | |
| CVE-2013-3163 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
28-06-2024 - 13:40 | 10-07-2013 - 03:46 | |
| CVE-2010-3640 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:28 | 07-11-2010 - 22:00 | |
| CVE-2010-3636 | 9.3 |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote w
|
17-05-2024 - 17:27 | 07-11-2010 - 22:00 | |
| CVE-2010-3639 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unkn
|
17-05-2024 - 17:27 | 07-11-2010 - 22:00 | |
| CVE-2010-3650 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:18 | 07-11-2010 - 22:00 | |
| CVE-2010-3648 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
| CVE-2010-3649 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
| CVE-2010-3647 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:17 | 07-11-2010 - 22:00 | |
| CVE-2010-3646 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:12 | 07-11-2010 - 22:00 | |
| CVE-2010-3644 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:11 | 07-11-2010 - 22:00 | |
| CVE-2010-3645 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:11 | 07-11-2010 - 22:00 | |
| CVE-2010-3643 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:10 | 07-11-2010 - 22:00 | |
| CVE-2010-3642 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:10 | 07-11-2010 - 22:00 | |
| CVE-2010-3641 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 17:08 | 07-11-2010 - 22:00 | |
| CVE-2010-3652 | 9.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruptio
|
17-05-2024 - 16:54 | 07-11-2010 - 22:00 | |
| CVE-2008-3475 | 9.3 |
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a craft
|
08-02-2024 - 23:46 | 15-10-2008 - 00:12 | |
| CVE-2013-1315 | 9.3 |
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to exec
|
03-10-2023 - 15:37 | 11-09-2013 - 14:03 | |
| CVE-2010-2936 | 9.3 |
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint doc
|
13-02-2023 - 03:19 | 25-08-2010 - 20:00 | |
| CVE-2011-1183 | 5.8 |
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerabil
|
13-02-2023 - 01:19 | 08-04-2011 - 15:17 | |
| CVE-2010-1387 | 9.3 |
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi
|
09-08-2022 - 13:48 | 18-06-2010 - 16:30 | |
| CVE-2010-3886 | 4.3 |
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtai
|
18-02-2022 - 18:39 | 08-10-2010 - 22:00 | |
| CVE-2013-0021 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability."
|
17-09-2021 - 11:15 | 13-02-2013 - 12:04 | |
| CVE-2013-3905 | 5.0 |
Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificat
|
30-08-2021 - 14:28 | 13-11-2013 - 00:55 | |
| CVE-2012-1872 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2011-1713 | 4.3 |
Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: thi
|
23-07-2021 - 15:12 | 15-04-2011 - 20:55 | |
| CVE-2011-0347 | 9.3 |
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
|
23-07-2021 - 15:12 | 07-01-2011 - 23:00 | |
| CVE-2012-1877 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1874 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1876 | 9.3 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflo
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1873 | 4.3 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerab
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1875 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1878 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1882 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerabi
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1523 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1880 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2012-1881 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
|
23-07-2021 - 15:12 | 12-06-2012 - 22:55 | |
| CVE-2013-3893 | 9.3 |
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL t
|
17-05-2021 - 17:15 | 18-09-2013 - 10:08 | |
| CVE-2012-2532 | 5.0 |
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka
|
05-02-2021 - 15:37 | 14-11-2012 - 00:55 | |
| CVE-2012-2531 | 2.1 |
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
|
05-02-2021 - 15:37 | 14-11-2012 - 00:55 | |
| CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
08-12-2020 - 15:11 | 09-10-2013 - 14:53 | |
| CVE-2013-0006 | 9.3 |
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
|
20-11-2020 - 20:15 | 09-01-2013 - 18:09 | |
| CVE-2013-3167 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2012-4774 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2013-3888 | 7.2 |
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerab
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2012-4792 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated
|
28-09-2020 - 12:58 | 30-12-2012 - 18:55 | |
| CVE-2013-3881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3128 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3894 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary cod
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3183 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-2556 | 7.5 |
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN
|
28-09-2020 - 12:58 | 11-03-2013 - 10:55 | |
| CVE-2013-3195 | 10.0 |
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3175 | 10.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchron
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3172 | 4.9 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system ha
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-3186 | 7.6 |
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-3174 | 9.3 |
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
| CVE-2013-3185 | 5.0 |
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and p
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-3173 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local u
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2012-4787 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2013-3138 | 7.1 |
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-06-2013 - 03:30 | |
| CVE-2012-4775 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-4776 | 9.3 |
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitra
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2013-3887 | 4.9 |
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
|
28-09-2020 - 12:58 | 13-11-2013 - 00:55 | |
| CVE-2012-4782 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-4777 | 9.3 |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2529 | 7.2 |
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that l
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
| CVE-2012-1895 | 9.3 |
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1873 | 4.3 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerab
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1339 | 9.0 |
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authentica
|
28-09-2020 - 12:58 | 12-06-2013 - 03:29 | |
| CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1268 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1252 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1259 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
| CVE-2012-1881 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1878 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1270 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1250 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1283 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1265 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1263 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1286 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1269 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1524 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1889 | 9.3 |
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
|
28-09-2020 - 12:58 | 13-06-2012 - 04:46 | |
| CVE-2012-1864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1300 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1279 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1249 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1523 | 9.3 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-2530 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2013-1332 | 7.2 |
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
| CVE-2013-1272 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-2551 | 5.0 |
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereferenc
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
| CVE-2012-1891 | 9.3 |
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1880 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1874 | 9.3 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1855 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1538 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2531 | 2.1 |
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1875 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1271 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1253 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1890 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows lo
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1877 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1851 | 10.0 |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2013-1340 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1345 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1275 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1522 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1893 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2013-1276 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1254 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-2527 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2013-1334 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
| CVE-2013-1287 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1277 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1266 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1879 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerabil
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1876 | 9.3 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflo
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1870 | 4.3 |
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaint
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1867 | 7.2 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1293 | 6.9 |
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a craft
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1267 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1528 | 9.3 |
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileg
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2556 | 9.3 |
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-1896 | 5.0 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1882 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerabi
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1281 | 7.1 |
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1257 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1280 | 7.2 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, wh
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1262 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1251 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1274 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1264 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1258 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1539 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2519 | 7.9 |
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1858 | 4.3 |
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduc
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1850 | 5.0 |
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not pro
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2013-1285 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1256 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2013-1248 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1347 | 9.3 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
|
28-09-2020 - 12:58 | 05-05-2013 - 11:07 | |
| CVE-2013-1273 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1255 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1292 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafte
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1261 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-1527 | 9.3 |
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privile
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2013-1288 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1278 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1260 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1345 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-0075 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0020 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0093 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-3881 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3172 | 4.9 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system ha
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1332 | 7.2 |
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in m
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
| CVE-2013-1283 | 6.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1273 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1263 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1254 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1248 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0087 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-0023 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0020 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0022 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0075 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted pack
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0090 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0094 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0087 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-3200 | 7.2 |
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-1334 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 15-05-2013 - 03:36 | |
| CVE-2013-1277 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1249 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0030 | 9.3 |
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0007 | 9.3 |
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-2556 | 9.3 |
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-1851 | 10.0 |
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2013-3174 | 9.3 |
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1251 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0094 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0026 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0002 | 9.3 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) o
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-2519 | 7.9 |
Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-0029 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0019 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-3167 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1286 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1267 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0090 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0024 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-4777 | 9.3 |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2527 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2012-1855 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework applica
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-0175 | 9.3 |
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2)
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2013-0073 | 10.0 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0005 | 7.8 |
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-3186 | 7.6 |
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-3138 | 7.1 |
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via
|
28-09-2020 - 12:58 | 12-06-2013 - 03:30 | |
| CVE-2013-1294 | 4.9 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1281 | 7.1 |
The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1272 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1258 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0092 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2012-2897 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before
|
28-09-2020 - 12:58 | 26-09-2012 - 10:56 | |
| CVE-2012-1895 | 9.3 |
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XB
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1528 | 9.3 |
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileg
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2013-0076 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference C
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0001 | 4.3 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-0217 | 7.2 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-R
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-0173 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-1260 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-0217 | 7.2 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-R
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-0175 | 9.3 |
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2)
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2013-0088 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0002 | 9.3 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) o
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-0008 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-0013 | 5.8 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle atta
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-3894 | 9.3 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary cod
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3183 | 7.8 |
The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote at
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-1285 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1276 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1268 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1259 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0029 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0008 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows loc
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-2551 | 5.0 |
The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereferenc
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
| CVE-2012-1893 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2013-3173 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local u
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1287 | 7.2 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory,
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1274 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1265 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1256 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1250 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0093 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0073 | 10.0 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code vi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0003 | 9.3 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP)
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-4782 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-2549 | 5.8 |
The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerab
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-1890 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows lo
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1850 | 5.0 |
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not pro
|
28-09-2020 - 12:58 | 15-08-2012 - 01:55 | |
| CVE-2013-0091 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-3175 | 10.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchron
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-1339 | 9.0 |
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authentica
|
28-09-2020 - 12:58 | 12-06-2013 - 03:29 | |
| CVE-2013-1288 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-1264 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1253 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0088 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerabilit
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0023 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0004 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (X
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-2530 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain priv
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1870 | 4.3 |
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaint
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-1538 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2013-0007 | 9.3 |
Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-0004 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (X
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-3879 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT a
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-3129 | 9.3 |
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Serv
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1300 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects
|
28-09-2020 - 12:58 | 10-07-2013 - 03:46 | |
| CVE-2013-1279 | 7.2 |
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain p
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1270 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1261 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0076 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference C
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2012-4774 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that
|
28-09-2020 - 12:58 | 12-12-2012 - 00:55 | |
| CVE-2012-1896 | 5.0 |
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafte
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1522 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2012-0173 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which a
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2013-0026 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0011 | 10.0 |
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Compone
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-3887 | 4.9 |
The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local user
|
28-09-2020 - 12:58 | 13-11-2013 - 00:55 | |
| CVE-2013-1275 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1266 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1257 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0092 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerabili
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0006 | 9.3 |
Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-4776 | 9.3 |
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitra
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-2529 | 7.2 |
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that l
|
28-09-2020 - 12:58 | 09-10-2012 - 21:55 | |
| CVE-2013-0089 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free V
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0003 | 9.3 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP)
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2013-3185 | 5.0 |
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and p
|
28-09-2020 - 12:58 | 14-08-2013 - 11:10 | |
| CVE-2013-1269 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0030 | 9.3 |
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0024 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-3195 | 10.0 |
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows
|
28-09-2020 - 12:58 | 09-10-2013 - 14:53 | |
| CVE-2013-2556 | 7.5 |
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN
|
28-09-2020 - 12:58 | 11-03-2013 - 10:55 | |
| CVE-2013-1280 | 7.2 |
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, wh
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1262 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1255 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0089 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free V
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0011 | 10.0 |
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Compone
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-4775 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2012-1865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode
|
28-09-2020 - 12:58 | 12-06-2012 - 22:55 | |
| CVE-2012-1524 | 9.3 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
|
28-09-2020 - 12:58 | 10-07-2012 - 21:55 | |
| CVE-2011-3402 | 9.3 |
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP
|
28-09-2020 - 12:58 | 04-11-2011 - 21:55 | |
| CVE-2013-1293 | 6.9 |
The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a craft
|
28-09-2020 - 12:58 | 09-04-2013 - 22:55 | |
| CVE-2013-1271 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-1252 | 4.9 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and co
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0091 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."
|
28-09-2020 - 12:58 | 13-03-2013 - 00:55 | |
| CVE-2013-0019 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerabi
|
28-09-2020 - 12:58 | 13-02-2013 - 12:04 | |
| CVE-2013-0001 | 4.3 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML bro
|
28-09-2020 - 12:58 | 09-01-2013 - 18:09 | |
| CVE-2012-1527 | 9.3 |
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privile
|
28-09-2020 - 12:58 | 14-11-2012 - 00:55 | |
| CVE-2010-2110 | 7.5 |
Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 21:03 | 28-05-2010 - 18:30 | |
| CVE-2010-2109 | 7.5 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.
|
06-08-2020 - 21:01 | 28-05-2010 - 18:30 | |
| CVE-2010-2108 | 7.5 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.
|
06-08-2020 - 21:01 | 28-05-2010 - 18:30 | |
| CVE-2010-2106 | 4.3 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
| CVE-2010-2107 | 10.0 |
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.
|
06-08-2020 - 20:57 | 28-05-2010 - 18:30 | |
| CVE-2010-2105 | 10.0 |
Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.
|
06-08-2020 - 20:56 | 28-05-2010 - 18:30 | |
| CVE-2010-4042 | 7.5 |
Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements."
|
31-07-2020 - 19:37 | 21-10-2010 - 19:00 | |
| CVE-2010-1825 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to nested SVG elements.
|
31-07-2020 - 19:23 | 24-09-2010 - 19:00 | |
| CVE-2010-1824 | 9.3 |
Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG style
|
31-07-2020 - 19:21 | 24-09-2010 - 19:00 | |
| CVE-2010-1823 | 9.3 |
Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as doc
|
31-07-2020 - 19:20 | 24-09-2010 - 19:00 | |
| CVE-2010-4494 | 7.5 |
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath
|
31-07-2020 - 18:38 | 07-12-2010 - 21:00 | |
| CVE-2010-4204 | 7.5 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified othe
|
31-07-2020 - 18:25 | 06-11-2010 - 00:00 | |
| CVE-2010-4203 | 10.0 |
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
|
31-07-2020 - 18:24 | 06-11-2010 - 00:00 | |
| CVE-2010-4201 | 7.5 |
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
|
31-07-2020 - 18:21 | 06-11-2010 - 00:00 | |
| CVE-2010-4199 | 6.8 |
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SV
|
31-07-2020 - 17:54 | 06-11-2010 - 00:00 | |
| CVE-2010-4197 | 7.5 |
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
| CVE-2010-4198 | 6.8 |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified oth
|
31-07-2020 - 17:53 | 06-11-2010 - 00:00 | |
| CVE-2010-4040 | 6.8 |
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.
|
31-07-2020 - 17:33 | 21-10-2010 - 19:00 | |
| CVE-2010-4205 | 7.5 |
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
31-07-2020 - 15:26 | 06-11-2010 - 00:00 | |
| CVE-2010-4206 | 6.8 |
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service
|
31-07-2020 - 15:06 | 06-11-2010 - 00:00 | |
| CVE-2010-4493 | 4.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.
|
28-07-2020 - 19:15 | 07-12-2010 - 21:00 | |
| CVE-2010-4492 | 7.5 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.
|
28-07-2020 - 19:05 | 07-12-2010 - 21:00 | |
| CVE-2010-4008 | 4.3 |
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to ca
|
04-06-2020 - 20:31 | 17-11-2010 - 01:00 | |
| CVE-2010-3130 | 9.3 |
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the sam
|
13-05-2020 - 17:15 | 26-08-2010 - 18:36 | |
| CVE-2010-3492 | 5.0 |
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, whic
|
29-10-2019 - 00:56 | 19-10-2010 - 20:00 | |
| CVE-2010-3493 | 4.3 |
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept f
|
25-10-2019 - 11:53 | 19-10-2010 - 20:00 | |
| CVE-2010-3637 | 9.3 |
An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.
|
09-10-2019 - 23:01 | 07-11-2010 - 22:00 | |
| CVE-2008-3473 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive inf
|
09-10-2019 - 22:56 | 15-10-2008 - 00:12 | |
| CVE-2012-4791 | 3.5 |
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
|
01-06-2019 - 00:29 | 12-12-2012 - 00:55 | |
| CVE-2013-3918 | 9.3 |
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold
|
14-05-2019 - 14:24 | 12-11-2013 - 14:35 | |
| CVE-2013-3869 | 5.0 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a de
|
14-05-2019 - 14:22 | 13-11-2013 - 00:55 | |
| CVE-2013-3940 | 9.3 |
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and W
|
14-05-2019 - 14:19 | 13-11-2013 - 00:55 | |
| CVE-2008-0085 | 5.0 |
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memor
|
28-02-2019 - 00:59 | 08-07-2008 - 23:41 | |
| CVE-2013-3181 | 9.3 |
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerabili
|
26-02-2019 - 14:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3863 | 9.3 |
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability."
|
26-02-2019 - 14:04 | 11-09-2013 - 14:03 | |
| CVE-2008-3472 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive inf
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
| CVE-2008-3476 | 9.3 |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulner
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
| CVE-2013-1295 | 7.2 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "
|
26-02-2019 - 14:04 | 09-04-2013 - 22:55 | |
| CVE-2008-3474 | 4.3 |
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML
|
26-02-2019 - 14:04 | 15-10-2008 - 00:12 | |
| CVE-2013-0077 | 9.3 |
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Offi
|
26-02-2019 - 14:04 | 13-02-2013 - 12:04 | |
| CVE-2008-0107 | 9.0 |
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allo
|
26-02-2019 - 14:04 | 08-07-2008 - 23:41 | |
| CVE-2013-3154 | 6.9 |
The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level direct
|
30-10-2018 - 16:27 | 10-07-2013 - 03:46 | |
| CVE-2012-2553 | 7.2 |
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted app
|
30-10-2018 - 16:27 | 14-11-2012 - 00:55 | |
| CVE-2010-4699 | 5.0 |
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an i
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
| CVE-2010-3975 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file th
|
30-10-2018 - 16:26 | 19-10-2010 - 21:00 | |
| CVE-2010-3569 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3572 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3562 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3574 | 10.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3571 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3565 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3556 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-4697 | 6.8 |
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of _
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
| CVE-2010-3559 | 10.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3557 | 6.8 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3554 | 10.0 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2006-7243 | 5.0 |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argum
|
30-10-2018 - 16:26 | 18-01-2011 - 20:00 | |
| CVE-2010-3568 | 10.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3396 | 7.2 |
Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.
|
30-10-2018 - 16:26 | 15-09-2010 - 18:00 | |
| CVE-2010-3553 | 10.0 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-3551 | 5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
|
30-10-2018 - 16:26 | 19-10-2010 - 22:00 | |
| CVE-2010-2884 | 9.3 |
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS
|
30-10-2018 - 16:26 | 15-09-2010 - 18:00 | |
| CVE-2011-0755 | 5.0 |
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandma
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
| CVE-2011-0752 | 5.0 |
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions b
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
| CVE-2010-0186 | 6.8 |
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain r
|
30-10-2018 - 16:26 | 15-02-2010 - 18:30 | |
| CVE-2011-0753 | 4.3 |
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
| CVE-2011-0754 | 4.4 |
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform d
|
30-10-2018 - 16:26 | 02-02-2011 - 22:00 | |
| CVE-2010-3630 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/suppor
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3621 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3656 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3658 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3622 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-4091 | 9.3 |
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF
|
30-10-2018 - 16:25 | 07-11-2010 - 22:00 | |
| CVE-2010-3629 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. Per: http://www.adobe.co
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3628 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3625 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." Per: http://www.adobe.com/support/security
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3626 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3627 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-21.html
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3657 | 4.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656. Per: http://www.adobe
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3619 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3632 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-3620 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2009-3954 | 10.0 |
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2010-2889 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. Per: http://www.adobe.com
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-2201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2206 | 9.3 |
Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and tri
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2168 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerabil
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-1295 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2009-3956 | 10.0 |
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerabi
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2010-2888 | 9.3 |
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors. Per: http://www.adobe.com/support/security/bulletins/
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-2210 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2009-3958 | 10.0 |
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2010-2207 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2205 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb1
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2202 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2009-3957 | 5.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb10-02
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2010-1285 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that trigge
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2009-3959 | 10.0 |
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document. Per: http://www.adobe.com/support/secur
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2009-3955 | 10.0 |
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer si
|
30-10-2018 - 16:25 | 13-01-2010 - 19:30 | |
| CVE-2010-2204 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: http://www.adobe.com/supp
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2890 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, C
|
30-10-2018 - 16:25 | 06-10-2010 - 17:00 | |
| CVE-2010-2208 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/suppo
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2211 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2209 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295,
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2010-2212 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a cra
|
30-10-2018 - 16:25 | 30-06-2010 - 18:30 | |
| CVE-2011-0600 | 9.3 |
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorre
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0570 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0606 | 9.3 |
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0204 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2010-0196 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2010-0201 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0591 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0198 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0592 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, r
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0602 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0593 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0202 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0585 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0191 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0562 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0598 | 9.3 |
Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0192 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0590 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CV
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0594 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0563 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0595 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0567 | 9.3 |
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that tri
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0603 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0564 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0193 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0586 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0203 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0599 | 9.3 |
The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointe
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0199 | 9.3 |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0596 | 9.3 |
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0589 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0197 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2010-0190 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0587 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0604 | 4.3 |
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a differen
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2011-0565 | 9.3 |
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0195 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0588 | 6.9 |
Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerabi
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2010-0194 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197,
|
30-10-2018 - 16:25 | 14-04-2010 - 16:00 | |
| CVE-2011-0566 | 9.3 |
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerabili
|
30-10-2018 - 16:25 | 10-02-2011 - 18:00 | |
| CVE-2008-0106 | 9.0 |
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
|
15-10-2018 - 21:57 | 08-07-2008 - 23:41 | |
| CVE-2008-0086 | 9.0 |
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
|
15-10-2018 - 21:57 | 08-07-2008 - 23:41 | |
| CVE-2013-3916 | 9.3 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3910 | 9.3 |
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3912 | 9.3 |
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3908 | 4.3 |
Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview acti
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3895 | 6.8 |
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3911 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3891 | 9.3 |
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3875 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3914 | 9.3 |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3882 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3860 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service (application crash or hang) via a crafted signed XML d
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3885 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3866 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3855 | 9.3 |
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerab
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3909 | 4.3 |
Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerabilit
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3890 | 9.3 |
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3898 | 7.9 |
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3870 | 9.3 |
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3852 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corrupti
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3874 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3853 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3889 | 9.3 |
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Serve
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3865 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3854 | 9.3 |
Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3872 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3861 | 7.8 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allows remote attackers to cause a denial of service (application crash or hang) via crafted character sequences in JSON data, aka "JSON Parsing Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3858 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3886 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3871 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3857 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attacker
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3873 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3851 | 9.3 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "W
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3915 | 9.3 |
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3880 | 3.5 |
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan h
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3864 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3917 | 9.3 |
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:05 | 13-11-2013 - 00:55 | |
| CVE-2013-3892 | 9.3 |
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 09-10-2013 - 14:53 | |
| CVE-2013-3856 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
|
12-10-2018 - 22:05 | 11-09-2013 - 14:03 | |
| CVE-2013-3125 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3198 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3142 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3188 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3178 | 9.3 |
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer V
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3153 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3117 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3112 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3191 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3162 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3202 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3776 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulne
|
12-10-2018 - 22:04 | 17-07-2013 - 13:41 | |
| CVE-2013-3209 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3159 | 4.3 |
Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3150 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3122 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3206 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3194 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3133 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafte
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3123 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3205 | 9.3 |
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3189 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3171 | 9.3 |
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser a
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3145 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3781 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulne
|
12-10-2018 - 22:04 | 17-07-2013 - 13:41 | |
| CVE-2013-3201 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3190 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3179 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3160 | 5.0 |
Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, and Word Viewer allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XM
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3203 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3132 | 9.3 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBA
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3127 | 9.3 |
The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafte
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3847 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3156 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerab
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3116 | 9.3 |
Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3207 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3187 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3164 | 9.3 |
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3161 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3139 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3119 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3140 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 16-12-2013 - 15:14 | |
| CVE-2013-3113 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3124 | 9.3 |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3199 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3147 | 9.3 |
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3115 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3849 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3196 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3180 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3146 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3197 | 7.2 |
The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory add
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3155 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a di
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3149 | 9.3 |
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3848 | 9.3 |
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary c
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3208 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3144 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3148 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3134 | 9.3 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework ap
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3120 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3111 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3850 | 9.3 |
Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3152 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3141 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3114 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3845 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3204 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3193 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3184 | 9.3 |
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3158 | 9.3 |
Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3136 | 4.4 |
The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to ob
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3121 | 9.3 |
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3192 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3182 | 7.8 |
The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system h
|
12-10-2018 - 22:04 | 14-08-2013 - 11:10 | |
| CVE-2013-3166 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scro
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3157 | 9.3 |
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a di
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-3143 | 9.3 |
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CV
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3118 | 9.3 |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-3151 | 9.3 |
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability tha
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3131 | 9.3 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a craf
|
12-10-2018 - 22:04 | 10-07-2013 - 03:46 | |
| CVE-2013-3126 | 9.3 |
Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer
|
12-10-2018 - 22:04 | 12-06-2013 - 03:30 | |
| CVE-2013-3110 | 9.3 |
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE
|
12-10-2018 - 22:04 | 12-06-2013 - 03:29 | |
| CVE-2013-2393 | 1.5 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
|
12-10-2018 - 22:04 | 17-04-2013 - 17:55 | |
| CVE-2013-1310 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1284 | 4.9 |
Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1291 | 7.1 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenT
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1337 | 7.5 |
Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authenti
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1329 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1335 | 9.3 |
Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1318 | 10.0 |
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1306 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnera
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1324 | 9.3 |
Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability."
|
12-10-2018 - 22:04 | 13-11-2013 - 00:55 | |
| CVE-2013-1330 | 10.0 |
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-1290 | 3.5 |
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1282 | 5.0 |
The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1343 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-1325 | 9.3 |
Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability."
|
12-10-2018 - 22:04 | 13-11-2013 - 00:55 | |
| CVE-2013-1308 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1333 | 7.2 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1323 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1327 | 9.3 |
Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1301 | 4.3 |
Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1320 | 10.0 |
Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1309 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1341 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 allows local users to gain privileges via a crafted application, a
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-1336 | 5.0 |
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve s
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1317 | 9.3 |
Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1307 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different v
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1289 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1296 | 9.3 |
The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a d
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1319 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1305 | 7.8 |
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1297 | 4.3 |
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1342 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-1338 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 02-05-2013 - 03:31 | |
| CVE-2013-1302 | 9.3 |
Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lyn
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1316 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1321 | 9.3 |
Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1304 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2013-1344 | 7.2 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privil
|
12-10-2018 - 22:04 | 11-09-2013 - 14:03 | |
| CVE-2013-1313 | 9.3 |
Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability."
|
12-10-2018 - 22:04 | 13-02-2013 - 12:04 | |
| CVE-2013-1328 | 9.3 |
Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1312 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1322 | 10.0 |
Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
|
12-10-2018 - 22:04 | 15-05-2013 - 03:36 | |
| CVE-2013-1303 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a differ
|
12-10-2018 - 22:04 | 09-04-2013 - 22:55 | |
| CVE-2012-4786 | 10.0 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute
|
12-10-2018 - 22:03 | 12-12-2012 - 00:55 | |
| CVE-2012-3214 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
|
12-10-2018 - 22:03 | 17-10-2012 - 00:55 | |
| CVE-2012-3110 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:03 | 17-07-2012 - 23:55 | |
| CVE-2012-3108 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:03 | 17-07-2012 - 23:55 | |
| CVE-2012-3106 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:03 | 17-07-2012 - 23:55 | |
| CVE-2012-4781 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 12-12-2012 - 00:55 | |
| CVE-2012-3107 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:03 | 17-07-2012 - 23:55 | |
| CVE-2012-3217 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. Per: http://www.oracle.com/technetwork/topic
|
12-10-2018 - 22:03 | 17-10-2012 - 10:54 | |
| CVE-2012-3109 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-
|
12-10-2018 - 22:03 | 17-07-2012 - 23:55 | |
| CVE-2012-2521 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability."
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
| CVE-2012-2523 | 9.3 |
Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Ov
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
| CVE-2012-2528 | 9.3 |
Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote atta
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
| CVE-2012-2522 | 9.3 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corru
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
| CVE-2012-2543 | 9.3 |
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack O
|
12-10-2018 - 22:03 | 14-11-2012 - 00:55 | |
| CVE-2012-2536 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulne
|
12-10-2018 - 22:03 | 11-09-2012 - 18:55 | |
| CVE-2012-2557 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
| CVE-2012-2526 | 9.3 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, ak
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
| CVE-2013-0811 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different v
|
12-10-2018 - 22:03 | 15-05-2013 - 03:36 | |
| CVE-2012-2548 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
| CVE-2012-2552 | 4.3 |
Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or H
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
| CVE-2012-1894 | 6.9 |
Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these
|
12-10-2018 - 22:03 | 10-07-2012 - 21:55 | |
| CVE-2012-2546 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 21-09-2012 - 21:55 | |
| CVE-2012-2520 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0
|
12-10-2018 - 22:03 | 09-10-2012 - 21:55 | |
| CVE-2012-2524 | 9.3 |
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerabilit
|
12-10-2018 - 22:03 | 15-08-2012 - 01:55 | |
| CVE-2013-0084 | 7.5 |
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Direct
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0418 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability t
|
12-10-2018 - 22:03 | 17-01-2013 - 01:55 | |
| CVE-2013-0393 | 6.8 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability t
|
12-10-2018 - 22:03 | 17-01-2013 - 01:55 | |
| CVE-2013-0080 | 7.5 |
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0085 | 7.8 |
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0079 | 9.3 |
Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0027 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerabil
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
| CVE-2013-0015 | 4.3 |
Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scroll
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
| CVE-2013-0096 | 6.8 |
Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." Per: http://technet.microsof
|
12-10-2018 - 22:03 | 15-05-2013 - 03:36 | |
| CVE-2013-0025 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
| CVE-2013-0081 | 5.0 |
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka
|
12-10-2018 - 22:03 | 11-09-2013 - 14:03 | |
| CVE-2013-0010 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
|
12-10-2018 - 22:03 | 09-01-2013 - 18:09 | |
| CVE-2013-0095 | 5.0 |
Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 ele
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0086 | 5.0 |
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
| CVE-2013-0028 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerabil
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
| CVE-2013-0082 | 9.3 |
Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."
|
12-10-2018 - 22:03 | 13-11-2013 - 00:55 | |
| CVE-2013-0078 | 7.2 |
The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerabi
|
12-10-2018 - 22:03 | 09-04-2013 - 22:55 | |
| CVE-2013-0009 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerabili
|
12-10-2018 - 22:03 | 09-01-2013 - 18:09 | |
| CVE-2013-0018 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability.
|
12-10-2018 - 22:03 | 13-02-2013 - 12:04 | |
| CVE-2012-1868 | 6.9 |
Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability."
|
12-10-2018 - 22:02 | 12-06-2012 - 22:55 | |
| CVE-2012-1885 | 9.3 |
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Se
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
| CVE-2012-1772 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1888 | 9.3 |
Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
| CVE-2012-1769 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1766 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1768 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1515 | 8.3 |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtu
|
12-10-2018 - 22:02 | 02-04-2012 - 10:46 | |
| CVE-2012-1863 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafte
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1862 | 6.8 |
Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1860 | 5.5 |
Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive informati
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1859 | 4.3 |
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTM
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1853 | 10.0 |
Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Admini
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
| CVE-2012-1852 | 10.0 |
Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
| CVE-2012-1770 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1771 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1529 | 9.3 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use Af
|
12-10-2018 - 22:02 | 21-09-2012 - 21:55 | |
| CVE-2012-1887 | 9.3 |
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vuln
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
| CVE-2012-1526 | 9.3 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability
|
12-10-2018 - 22:02 | 15-08-2012 - 01:55 | |
| CVE-2012-1773 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1767 | 2.1 |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability
|
12-10-2018 - 22:02 | 17-07-2012 - 23:55 | |
| CVE-2012-1861 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaS
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1854 | 6.9 |
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain pr
|
12-10-2018 - 22:02 | 10-07-2012 - 21:55 | |
| CVE-2012-1849 | 9.3 |
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file,
|
12-10-2018 - 22:02 | 12-06-2012 - 22:55 | |
| CVE-2012-1537 | 9.3 |
Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012
|
12-10-2018 - 22:02 | 12-12-2012 - 00:55 | |
| CVE-2012-1892 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
|
12-10-2018 - 22:02 | 11-09-2012 - 18:55 | |
| CVE-2012-1886 | 9.3 |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel
|
12-10-2018 - 22:02 | 14-11-2012 - 00:55 | |
| CVE-2012-0159 | 9.3 |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 bef
|
12-10-2018 - 22:02 | 09-05-2012 - 00:55 | |
| CVE-2012-0182 | 9.3 |
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
|
12-10-2018 - 22:02 | 09-10-2012 - 21:55 | |
| CVE-2010-3138 | 9.3 |
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player o
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
| CVE-2010-3148 | 9.3 |
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file
|
12-10-2018 - 21:58 | 27-08-2010 - 19:00 | |
| CVE-2008-1438 | 5.0 |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
| CVE-2008-1437 | 5.0 |
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted
|
12-10-2018 - 21:45 | 13-05-2008 - 22:20 | |
| CVE-2006-4695 | 9.3 |
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
|
12-10-2018 - 21:41 | 31-12-2006 - 05:00 | |
| CVE-2010-4370 | 9.3 |
Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.
|
10-10-2018 - 20:08 | 02-12-2010 - 16:22 | |
| CVE-2010-4089 | 9.3 |
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-
|
10-10-2018 - 20:07 | 29-10-2010 - 19:00 | |
| CVE-2010-4086 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than C
|
10-10-2018 - 20:07 | 29-10-2010 - 19:00 | |
| CVE-2010-4088 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE
|
10-10-2018 - 20:07 | 29-10-2010 - 19:00 | |
| CVE-2010-4087 | 9.3 |
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vul
|
10-10-2018 - 20:07 | 29-10-2010 - 19:00 | |
| CVE-2010-3976 | 9.3 |
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi
|
10-10-2018 - 20:06 | 19-10-2010 - 21:00 | |
| CVE-2010-3573 | 5.1 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
| CVE-2010-3567 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
| CVE-2010-3566 | 10.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
|
10-10-2018 - 20:04 | 19-10-2010 - 22:00 | |
| CVE-2010-3561 | 7.5 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
|
10-10-2018 - 20:03 | 19-10-2010 - 22:00 | |
| CVE-2010-3550 | 9.3 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
10-10-2018 - 20:02 | 19-10-2010 - 22:00 | |
| CVE-2010-3189 | 9.3 |
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
|
10-10-2018 - 20:01 | 31-08-2010 - 20:00 | |
| CVE-2010-3128 | 9.3 |
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
|
10-10-2018 - 20:01 | 26-08-2010 - 18:36 | |
| CVE-2010-3000 | 9.3 |
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or
|
10-10-2018 - 20:00 | 30-08-2010 - 20:00 | |
| CVE-2010-2996 | 9.3 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
|
10-10-2018 - 20:00 | 30-08-2010 - 20:00 | |
| CVE-2010-2586 | 9.3 |
Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.
|
10-10-2018 - 19:59 | 02-12-2010 - 16:22 | |
| CVE-2010-2582 | 9.3 |
An unspecified function in TextXtra.x32 in Adobe Shockwave Player before 11.5.9.615 does not properly reallocate a buffer when processing a DEMX chunk in a Director file, which allows remote attackers to trigger a heap-based buffer overflow and execu
|
10-10-2018 - 19:59 | 29-10-2010 - 19:00 | |
| CVE-2010-2581 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of s
|
10-10-2018 - 19:59 | 29-10-2010 - 19:00 | |
| CVE-2010-1986 | 5.0 |
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends lon
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
| CVE-2010-1990 | 5.0 |
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive applicat
|
10-10-2018 - 19:58 | 20-05-2010 - 17:30 | |
| CVE-2010-1795 | 9.3 |
Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
|
10-10-2018 - 19:57 | 20-08-2010 - 20:00 | |
| CVE-2010-1523 | 9.3 |
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
|
10-10-2018 - 19:57 | 06-11-2010 - 00:00 | |
| CVE-2010-1585 | 9.3 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a c
|
10-10-2018 - 19:57 | 28-04-2010 - 22:30 | |
| CVE-2010-1278 | 9.3 |
Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters.
|
10-10-2018 - 19:56 | 22-04-2010 - 14:30 | |
| CVE-2011-0994 | 10.0 |
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
|
09-10-2018 - 19:30 | 10-04-2011 - 02:55 | |
| CVE-2011-0533 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, rela
|
09-10-2018 - 19:29 | 17-02-2011 - 18:00 | |
| CVE-2011-0682 | 9.3 |
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element that contains a large number of children.
|
13-08-2018 - 21:47 | 31-01-2011 - 21:00 | |
| CVE-2012-4969 | 9.3 |
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
|
21-11-2017 - 18:13 | 18-09-2012 - 10:39 | |
| CVE-2011-1475 | 5.0 |
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP
|
19-09-2017 - 01:32 | 08-04-2011 - 15:17 | |
| CVE-2011-0681 | 4.3 |
The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0683 | 4.3 |
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0450 | 7.6 |
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary code via a crafted web site that hosts an executab
|
19-09-2017 - 01:32 | 31-01-2011 - 20:00 | |
| CVE-2011-0684 | 5.0 |
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensit
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0531 | 9.3 |
demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory co
|
19-09-2017 - 01:32 | 07-02-2011 - 21:00 | |
| CVE-2011-0686 | 5.0 |
Unspecified vulnerability in Opera before 11.01 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by vkontakte.ru.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0638 | 6.9 |
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and
|
19-09-2017 - 01:32 | 25-01-2011 - 01:00 | |
| CVE-2011-0685 | 2.1 |
The Delete Private Data feature in Opera before 11.01 does not properly implement the "Clear all email account passwords" option, which might allow physically proximate attackers to access an e-mail account via an unattended workstation.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0687 | 4.3 |
Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.
|
19-09-2017 - 01:32 | 31-01-2011 - 21:00 | |
| CVE-2011-0522 | 6.8 |
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a su
|
19-09-2017 - 01:32 | 07-02-2011 - 21:00 | |
| CVE-2010-4374 | 4.3 |
The in_mkv plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via a Matroska Video (MKV) file containing a string with a crafted length.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
| CVE-2010-3822 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to exe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3776 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (me
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-4035 | 9.3 |
Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-4700 | 6.8 |
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injecti
|
19-09-2017 - 01:31 | 18-01-2011 - 20:00 | |
| CVE-2010-3770 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2)
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3635 | 10.0 |
Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability."
|
19-09-2017 - 01:31 | 10-11-2010 - 03:00 | |
| CVE-2010-4698 | 5.0 |
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstex
|
19-09-2017 - 01:31 | 18-01-2011 - 20:00 | |
| CVE-2010-4485 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4036 | 6.8 |
Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3826 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3775 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary loca
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3771 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome priv
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3813 | 5.8 |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly othe
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3808 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to exec
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-4044 | 4.3 |
Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3805 | 9.3 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors invo
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3653 | 9.3 |
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose va
|
19-09-2017 - 01:31 | 26-10-2010 - 18:00 | |
| CVE-2010-4414 | 6.8 |
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.
|
19-09-2017 - 01:31 | 19-01-2011 - 16:00 | |
| CVE-2010-3817 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allow
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3768 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3638 | 4.3 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.
|
19-09-2017 - 01:31 | 07-11-2010 - 22:00 | |
| CVE-2010-3634 | 5.0 |
Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors.
|
19-09-2017 - 01:31 | 10-11-2010 - 03:00 | |
| CVE-2010-4490 | 9.3 |
Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via malformed video content that triggers an indexing error.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-3824 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3804 | 5.0 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attacke
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3774 | 4.3 |
The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remo
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3772 | 9.3 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-4508 | 10.0 |
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification.
|
19-09-2017 - 01:31 | 09-12-2010 - 20:00 | |
| CVE-2010-4478 | 7.5 |
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending c
|
19-09-2017 - 01:31 | 06-12-2010 - 22:30 | |
| CVE-2010-3563 | 10.0 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-4048 | 4.3 |
Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-4484 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-3821 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attacker
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-4033 | 5.0 |
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3769 | 9.3 |
The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers t
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3816 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3778 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3741 | 4.7 |
The offline backup mechanism in Research In Motion (RIM) BlackBerry Desktop Software uses single-iteration PBKDF2, which makes it easier for local users to decrypt a .ipd file via a brute-force attack.
|
19-09-2017 - 01:31 | 05-10-2010 - 18:00 | |
| CVE-2010-4489 | 4.3 |
libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4050 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3820 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3773 | 6.8 |
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objec
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3767 | 9.3 |
Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3633 | 5.0 |
Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
19-09-2017 - 01:31 | 10-11-2010 - 03:00 | |
| CVE-2010-4046 | 4.3 |
Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3803 | 9.3 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted str
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-4491 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4372 | 9.3 |
Integer overflow in the in_nsv plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to improper allocation of memory for NSV metadata, a different vulnerability than CVE-2010-2586.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
| CVE-2010-3809 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execut
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-4483 | 4.3 |
Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4150 | 5.0 |
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via
|
19-09-2017 - 01:31 | 07-12-2010 - 22:00 | |
| CVE-2010-3819 | 9.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3766 | 9.3 |
Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-4043 | 4.3 |
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3823 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-4488 | 5.0 |
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4092 | 9.3 |
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an
|
19-09-2017 - 01:31 | 05-11-2010 - 21:00 | |
| CVE-2010-4047 | 4.3 |
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-4049 | 4.3 |
Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3811 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3570 | 7.6 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-3555 | 9.3 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-4090 | 9.3 |
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
| CVE-2010-4084 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, an
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
| CVE-2010-3812 | 9.3 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows re
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3777 | 9.3 |
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:31 | 10-12-2010 - 19:00 | |
| CVE-2010-3781 | 6.0 |
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEF
|
19-09-2017 - 01:31 | 06-10-2010 - 21:00 | |
| CVE-2010-3558 | 10.0 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-4373 | 4.3 |
The in_mp4 plugin in Winamp before 5.6 allows remote attackers to cause a denial of service (application crash) via crafted (1) metadata or (2) albumart in an invalid MP4 file.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
| CVE-2010-4085 | 9.3 |
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, an
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
| CVE-2010-4037 | 4.3 |
Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3655 | 9.3 |
Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code via unspecified vectors.
|
19-09-2017 - 01:31 | 29-10-2010 - 19:00 | |
| CVE-2010-4486 | 9.3 |
Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to history handling.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4371 | 9.3 |
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
|
19-09-2017 - 01:31 | 02-12-2010 - 16:22 | |
| CVE-2010-3818 | 9.3 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via v
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3810 | 4.3 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history vi
|
19-09-2017 - 01:31 | 22-11-2010 - 13:00 | |
| CVE-2010-3765 | 9.3 |
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related
|
19-09-2017 - 01:31 | 28-10-2010 - 00:00 | |
| CVE-2010-4482 | 5.0 |
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
|
19-09-2017 - 01:31 | 07-12-2010 - 21:00 | |
| CVE-2010-4045 | 9.3 |
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-4034 | 9.3 |
Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3560 | 2.6 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-3183 | 9.3 |
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls tha
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3181 | 6.9 |
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the c
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3552 | 10.0 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
|
19-09-2017 - 01:31 | 19-10-2010 - 22:00 | |
| CVE-2010-3399 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
| CVE-2010-3129 | 9.3 |
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll,
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3177 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) f
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3174 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3173 | 7.5 |
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which m
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-2862 | 9.3 |
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
|
19-09-2017 - 01:31 | 05-08-2010 - 18:17 | |
| CVE-2010-3191 | 9.3 |
Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is locate
|
19-09-2017 - 01:31 | 31-08-2010 - 20:00 | |
| CVE-2010-3180 | 9.3 |
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessin
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3137 | 9.3 |
Untrusted search path vulnerability in Nullsoft Winamp 5.581, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wnaspi32.dll that is located
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3124 | 9.3 |
Untrusted search path vulnerability in bin/winvlc.c in VLC Media Player 1.1.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll that is located i
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3001 | 9.3 |
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser window
|
19-09-2017 - 01:31 | 30-08-2010 - 20:00 | |
| CVE-2010-3143 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
| CVE-2010-2600 | 9.3 |
Untrusted search path vulnerability in BlackBerry Desktop Software before 6.0.0.47 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folde
|
19-09-2017 - 01:31 | 15-09-2010 - 18:00 | |
| CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3139 | 9.3 |
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located i
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
| CVE-2010-3134 | 9.3 |
Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .k
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3136 | 9.3 |
Untrusted search path vulnerability in Skype 4.2.0.169 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32.dll that is located in the same folder as a .sk
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3433 | 6.0 |
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL use
|
19-09-2017 - 01:31 | 06-10-2010 - 17:00 | |
| CVE-2010-3179 | 9.3 |
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3175 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3142 | 9.3 |
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder
|
19-09-2017 - 01:31 | 27-08-2010 - 19:00 | |
| CVE-2010-3002 | 9.3 |
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
|
19-09-2017 - 01:31 | 30-08-2010 - 20:00 | |
| CVE-2010-3132 | 9.3 |
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3126 | 9.3 |
Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3176 | 9.3 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3178 | 5.8 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window an
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
| CVE-2010-3400 | 5.8 |
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote at
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
| CVE-2010-3171 | 5.8 |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attac
|
19-09-2017 - 01:31 | 15-09-2010 - 20:00 | |
| CVE-2010-3133 | 9.3 |
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-3127 | 9.3 |
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the
|
19-09-2017 - 01:31 | 26-08-2010 - 18:36 | |
| CVE-2010-2935 | 9.3 |
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or pos
|
19-09-2017 - 01:31 | 25-08-2010 - 20:00 | |
| CVE-2011-0021 | 9.3 |
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.
|
19-09-2017 - 01:31 | 25-01-2011 - 19:00 | |
| CVE-2009-4764 | 9.3 |
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
| CVE-2010-1767 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a
|
19-09-2017 - 01:30 | 24-09-2010 - 19:00 | |
| CVE-2010-1506 | 7.8 |
The Google V8 bindings in Google Chrome before 4.1.249.1059 allow attackers to cause a denial of service (memory corruption) via unknown vectors.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1663 | 10.0 |
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
| CVE-2010-1500 | 7.5 |
Google Chrome before 4.1.249.1059 does not properly support forms, which has unknown impact and attack vectors, related to a "type confusion error."
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1664 | 5.0 |
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
| CVE-2010-1505 | 10.0 |
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1201 | 9.3 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ex
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
| CVE-2010-1240 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
| CVE-2010-1851 | 4.3 |
Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request l
|
19-09-2017 - 01:30 | 07-05-2010 - 18:24 | |
| CVE-2010-1503 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1241 | 9.3 |
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
| CVE-2010-1504 | 4.3 |
Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1768 | 6.9 |
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
|
19-09-2017 - 01:30 | 20-08-2010 - 20:00 | |
| CVE-2010-1665 | 7.5 |
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
|
19-09-2017 - 01:30 | 03-05-2010 - 13:51 | |
| CVE-2010-1769 | 10.0 |
WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (appl
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
| CVE-2010-1777 | 9.3 |
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
|
19-09-2017 - 01:30 | 30-07-2010 - 13:26 | |
| CVE-2010-1502 | 9.3 |
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
|
19-09-2017 - 01:30 | 23-04-2010 - 14:30 | |
| CVE-2010-1763 | 10.0 |
Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
|
19-09-2017 - 01:30 | 18-06-2010 - 16:30 | |
| CVE-2010-1122 | 10.0 |
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a d
|
19-09-2017 - 01:30 | 25-03-2010 - 22:30 | |
| CVE-2010-0116 | 9.3 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 | |
| CVE-2010-0648 | 4.3 |
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the do
|
19-09-2017 - 01:30 | 18-02-2010 - 18:00 | |
| CVE-2010-0183 | 9.3 |
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame con
|
19-09-2017 - 01:30 | 24-06-2010 - 12:30 | |
| CVE-2010-0120 | 9.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 | |
| CVE-2010-0117 | 9.3 |
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
|
19-09-2017 - 01:30 | 30-08-2010 - 20:00 |