Lucene search
K

14 matches found

CVE
CVE
added 2025/01/14 6:4 p.m.126 views

CVE-2025-21338

CVE-2025-21338 is a GDI+ Remote Code Execution vulnerability. The CVE affects Windows components that use GDI+ and has a CVSSv3.1 base score of 7.8 (HIGH) with LOCAL attack vector, LOW privileges required, no user interaction, and impacts to confidentiality, integrity, and availability as describ...

7.8CVSS7.9AI score0.00479EPSS
CVE
CVE
added 2006/03/30 11:0 a.m.101 views

CVE-2006-1540

Mode C: The CVE-2006-1540 issue affects Microsoft Office 2000, XP (2002), and 2003. It stems from a memory corruption vulnerability caused by malformed strings in Office Document files, enabling user‑assisted execution of arbitrary code and potential denial of service when opening crafted Excel, ...

9.3CVSS7.4AI score0.43664EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.99 views

CVE-2023-36565

CVE-2023-36565 is a Microsoft Office Graphics elevation-of-privilege vulnerability. Affected are various Office products (e.g., Office 2019/2021, Office for Mac; list from Kaspersky NCSC doc) where the Graphics component can elevate privileges within a local context. Reported root cause is a priv...

7CVSS7AI score0.00417EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.96 views

CVE-2025-26687

CVE-2025-26687 is a use-after-free in Windows Win32K - GRFX that enables a network-based privilege escalation. The affected component is the Win32K GRFX graphics subsystem; the underlying issue is a use-after-free in that path, leading to total impact (CVE-2025-26687 shows a base score of 7.5/10 ...

7.5CVSS7.5AI score0.01012EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.84 views

CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

7.5CVSS7.8AI score0.63665EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.84 views

CVE-2025-30388

Technical details about CVE-2025-30388 are not provided in the connected documents. Public information remains limited to the initial description. Monitor for updates from official advisories for affected products, impacts, and remediation.

7.8CVSS8AI score0.03467EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.83 views

CVE-2004-0848

CVE-2004-0848 corresponds to a buffer overflow in Microsoft Office XP that can allow remote code execution via specially crafted HTML links referencing URL file locations. Connected advisories detail that the overflow occurs in the Office process handling URL file references, enabling arbitrary c...

7.5CVSS7.8AI score0.27489EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.79 views

CVE-2025-53766

CVE-2025-53766 is a heap-based buffer overflow in Windows GDI+ that enables a remote attacker to execute code over a network. Public details describe the vulnerability as a memory overflow in GDI+ triggered by processing specially crafted metafiles, potentially allowing arbitrary code execution w...

9.8CVSS8AI score0.06706EPSS
CVE
CVE
added 2006/09/27 7:0 p.m.73 views

CVE-2006-4694

The CVE-2006-4694 entry concerns a vulnerability in Microsoft PowerPoint (Office 2000/XP/2003) where malformed PowerPoint records, specifically NamedShows, are not properly handled. A crafted .PPT file can enable user‑assisted code execution in the context of the logged‑in user, with exploit acti...

9.3CVSS7AI score0.12458EPSS
CVE
CVE
added 2008/02/12 10:0 p.m.70 views

CVE-2007-0065

CVE-2007-0065 is a remote code execution vulnerability described as an OLE Heap Overrun in Object Linking and Embedding (OLE) Automation. The flaw is a heap-based buffer overflow triggered by specially crafted script requests, affecting Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1/SP...

10CVSS7.7AI score0.43237EPSS
CVE
CVE
added 2007/02/13 8:0 p.m.67 views

CVE-2006-1311

CVE-2006-1311 is a remote code execution vulnerability in Microsoft RichEdit. The RichEdit components in Windows 2000 SP4, XP SP2, 2003 SP1 and Office suites (2000 SP3, XP SP3, 2003 SP2) plus Office for Mac 2004 and Learning Essentials are affected. The flaw arises from insufficient validation wh...

9.3CVSS7.4AI score0.31102EPSS
CVE
CVE
added 2007/06/19 10:0 p.m.64 views

CVE-2007-3282

The CVE-2007-3282 entry concerns a buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object. The vulnerability is triggered by a long argument to the DeleteRecordSourceIfUnused method, potentially allowing remote attackers to cause a denial of service and, in some cases, to exe...

7.8CVSS7.9AI score0.42236EPSS
CVE
CVE
added 2007/06/07 9:0 p.m.57 views

CVE-2007-3109

The CVE-2007-3109 description in the connected documents identifies the CERN Image Map Dispatcher (htimage.exe) used by Microsoft FrontPage as the affected component. The vulnerability allows remote attackers to determine the existence and potentially partial contents of arbitrary files under the...

6.4CVSS6.7AI score0.10857EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.45 views

CVE-2025-53732

CVE-2025-53732 is a heap-based buffer overflow in Microsoft Office that enables local code execution. The CVE is rated CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required, but user interaction is required; impact to confidentiality, integrity, an...

7.8CVSS8AI score0.00454EPSS