4985 matches found
VulnCheck KEV: CVE-2008-2641
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...
VulnCheck KEV: CVE-2007-0071
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer...
VulnCheck KEV: CVE-2007-6026
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 aka Microsoft Jet Engine, as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column...
VulnCheck KEV: CVE-2008-1840
SQL injection vulnerability in upload.php in Coppermine Photo Gallery CPG 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload...
VulnCheck KEV: CVE-2008-1841
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery CPG 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the sessionid variable, as exploited in the wild in...
VulnCheck KEV: CVE-2008-1092
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026...
VulnCheck KEV: CVE-2007-5779
Buffer overflow in the GomManager GomWeb Control ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player GOM Player 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method...
VulnCheck KEV: CVE-2006-5820
The LinkSBIcons method in the SuperBuddy ActiveX control Sb.SuperBuddy.1 in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value...
VulnCheck KEV: CVE-2007-0018
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control NCTAudioFile2.dll, as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include 1 NCTsoft NCTAudioStudio,...
VulnCheck KEV: CVE-2008-0655
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times...
VulnCheck KEV: CVE-2008-0647
Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 aka Lianzong Game Platform allow remote attackers to execute arbitrary code via long arguments to the 1 hgsstartGame and 2 hgsstartNotify...
VulnCheck KEV: CVE-2007-5347
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."...
VulnCheck KEV: CVE-2007-6436
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party...
VulnCheck KEV: CVE-2007-5587
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted...
VulnCheck KEV: CVE-2007-3896
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox,...
VulnCheck KEV: CVE-2007-5807
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
VulnCheck KEV: CVE-2007-5722
Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the...
VulnCheck KEV: CVE-2007-5020
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher...
VulnCheck KEV: CVE-2007-3899
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."...
VulnCheck KEV: CVE-2003-0352
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms...
VulnCheck KEV: CVE-2007-1070
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the 1 CMONNetTestConnection,...
VulnCheck KEV: CVE-2007-4428
Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116...
VulnCheck KEV: CVE-2007-4246
Unspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D Tarodrop.Q, a different vulnerability than...
VulnCheck KEV: CVE-2007-3375
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper...
VulnCheck KEV: CVE-2007-0870
Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service crash via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027...
VulnCheck KEV: CVE-2007-1748
Stack-based buffer overflow in the RPC interface in the Domain Name System DNS Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape...
VulnCheck KEV: CVE-2007-2426
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter...
VulnCheck KEV: CVE-2007-2024
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a 1 php3, 2 php4, or 3 php5 extension...
VulnCheck KEV: CVE-2007-1938
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting XSS...
VulnCheck KEV: CVE-2007-0038
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service persistent reboot via a large length value in the second or later anih block of a RIFF .ANI, cur, or .ico file,...
VulnCheck KEV: CVE-2007-1765
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service persistent reboot via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar...
VulnCheck KEV: CVE-2006-5994
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different...
VulnCheck KEV: CVE-2006-6561
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and...
VulnCheck KEV: CVE-2006-6456
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994...
VulnCheck KEV: CVE-2007-0515
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a...
VulnCheck KEV: CVE-2006-4704
Cross-zone scripting vulnerability in the WMI Object Broker WMIScriptUtils.WMIObjectBroker2 ActiveX control WmiScriptUtils.dll in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI...
VulnCheck KEV: CVE-2007-0024
Integer overflow in the Vector Markup Language VML implementation vgx.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer...
VulnCheck KEV: CVE-2006-4777
Heap-based buffer overflow in the DirectAnimation Path Control DirectAnimation.PathControl COM object daxctle.ocx for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the...
VulnCheck KEV: CVE-2006-4446
Heap-based buffer overflow in DirectAnimation.PathControl COM object daxctle.ocx in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points...
VulnCheck KEV: CVE-2006-5745
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP XML HTTP ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a...
VulnCheck KEV: CVE-2006-3730
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service crash and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy...
VulnCheck KEV: CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...
VulnCheck KEV: CVE-2006-4534
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo...
VulnCheck KEV: CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine vgx.dll, as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language VML file with a long fill...
VulnCheck KEV: CVE-2006-4434
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service crash via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of...
VulnCheck KEV: CVE-2004-1464
Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell RSH, Secure Shell SSH, and in some cases, Hypertext Transport Protocol HTTP access to the Cisco device...
VulnCheck KEV: CVE-2006-4326
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by...
VulnCheck KEV: CVE-2006-3590
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493...
VulnCheck KEV: CVE-2006-3649
Buffer overflow in Microsoft Visual Basic for Applications VBA SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute...
VulnCheck KEV: CVE-2006-1301
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302...