Memory corruption

WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted HTML document...

CVE-2010-4198

CVE-2010-4198 affects WebKit as used in Google Chrome prior to 7.0.517.44 and webkitgtk prior to 1.2.6; it does not properly handle large text areas, enabling remote memory corruption (and potentially other impact) via a crafted HTML document. Affected products include WebKit/WebKitGTK+ and Chrom...

CVE-2010-4198

Removed by vendor...

Microsoft Internet Explorer invalid flag reference vulnerability

Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...

CVE-2010-4034

Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

CVE-2010-4035

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

Hardcoded credentials

Opera before 10.63 allows remote attackers to cause a denial of service application crash via a Flash movie with a transparent Window Mode aka wmode property, which is not properly handled during navigation away from the containing HTML document...

CVE-2010-4035

Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted HTML document...

CVE-2010-4034

Removed by vendor...

CVE-2010-4035

Removed by vendor...

CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which...

Heap overflow

Heap-based buffer overflow in Comctl32.dll aka the common control library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute...

Memory corruption

Microsoft Windows Media Player WMP 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption...

CVE-2010-2745

Microsoft Windows Media Player WMP 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption...

CVE-2010-2745

CVE-2010-2745 is a Windows Media Player memory corruption vulnerability affecting WMP 9–12. It arises when Windows Media Player fails to deallocate objects during a browser reload, allowing a remote attacker to execute arbitrary code by convincing a user to visit a crafted web page. Exploitation ...

Trend Micro Internet Security Pro UfProxyBrowserCtrl ActiveX extSetOwner Function Arbitrary Code Execution

The UfProxyBrowserCtrl ActiveX control, a component of Trend Micro Internet Security Pro 2010 installed on the remote Windows host, reportedly has an issue in its 'extSetOwner' function that allows a remote attacker to run arbitrary code via an invalid address that is dereferenced as a pointer. I...

Apple Safari Multiple Vulnerabilities - Sep10

The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnsep10.nasl 5263 2017-02-10 13:45:51Z teissa $ Apple Safari Multiple Vulnerabilities - Sep10 Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...

Adobe Flash unspecified code execution vulnerability

Overview Adobe Flash contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code. Description Adobe Flash contains a vulnerability that can result in memory corruption, which can allow arbitrary code execution. See also Adobe Security Advisory...

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related...