14 matches found
CVE-2025-21338
CVE-2025-21338 is a GDI+ Remote Code Execution vulnerability. The CVE affects Windows components that use GDI+ and has a CVSSv3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW privileges required, no user interaction, and impacts to confidentiality, integrity, and availability as describ...
CVE-2006-1540
Mode C: The CVE-2006-1540 issue affects Microsoft Office 2000, XP (2002), and 2003. It stems from a memory corruption vulnerability caused by malformed strings in Office Document files, enabling user‑assisted execution of arbitrary code and potential denial of service when opening crafted Excel, ...
CVE-2023-36565
CVE-2023-36565 is a Microsoft Office Graphics elevation-of-privilege vulnerability. Affected are various Office products (e.g., Office 2019/2021, Office for Mac; list from Kaspersky NCSC doc) where the Graphics component can elevate privileges within a local context. Reported root cause is a priv...
CVE-2025-26687
CVE-2025-26687 is a use-after-free in Windows Win32K - GRFX that enables a network-based privilege escalation. The affected component is the Win32K GRFX graphics subsystem; the underlying issue is a use-after-free in that path, leading to total impact (CVE-2025-26687 shows a base score of 7.5/10 ...
CVE-2005-2127
CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...
CVE-2025-30388
Technical details about CVE-2025-30388 are not provided in the connected documents. Public information remains limited to the initial description. Monitor for updates from official advisories for affected products, impacts, and remediation.
CVE-2004-0848
CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...
CVE-2025-53766
CVE-2025-53766 is a heap-based buffer overflow in Windows GDI+ that enables a remote attacker to execute code over a network. Public details describe the vulnerability as a memory overflow in GDI+ triggered by processing specially crafted metafiles, potentially allowing arbitrary code execution w...
CVE-2006-4694
The CVE-2006-4694 entry concerns a vulnerability in Microsoft PowerPoint (Office 2000/XP/2003) where malformed PowerPoint records, specifically NamedShows, are not properly handled. A crafted .PPT file can enable user‑assisted code execution in the context of the logged‑in user, with exploit acti...
CVE-2007-0065
CVE-2007-0065 is a remote code execution vulnerability described as an OLE Heap Overrun in Object Linking and Embedding (OLE) Automation. The flaw is a heap-based buffer overflow triggered by specially crafted script requests, affecting Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1/SP...
CVE-2006-1311
CVE-2006-1311 is a remote code execution vulnerability in Microsoft RichEdit. The RichEdit components in Windows 2000 SP4, XP SP2, 2003 SP1 and Office suites (2000 SP3, XP SP3, 2003 SP2) plus Office for Mac 2004 and Learning Essentials are affected. The flaw arises from insufficient validation wh...
CVE-2007-3282
The CVE-2007-3282 entry concerns a buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object. The vulnerability is triggered by a long argument to the DeleteRecordSourceIfUnused method, potentially allowing remote attackers to cause a denial of service and, in some cases, to exe...
CVE-2007-3109
The CVE-2007-3109 description in the connected documents identifies the CERN Image Map Dispatcher (htimage.exe) used by Microsoft FrontPage as the affected component. The vulnerability allows remote attackers to determine the existence and potentially partial contents of arbitrary files under the...
CVE-2025-53732
CVE-2025-53732 is a heap-based buffer overflow in Microsoft Office that enables local code execution. The CVE is rated CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required, but user interaction is required; impact to confidentiality, integrity, an...