Lucene search
K
MicrosoftVisual Studio .net2003

25 matches found

CVE
CVE
added 2009/07/29 5:0 p.m.304 views

CVE-2009-0901

CVE-2009-0901 describes a remote code execution vulnerability in Microsoft Active Template Library (ATL) used by Visual Studio and Windows components. The issue arises when ATL headers mishandle uninitialized VARIANTs, allowing a specially crafted stream to trigger VariantClear on an uninitialize...

9.3CVSS7.4AI score0.42004EPSS
CVE
CVE
added 2010/08/31 7:25 p.m.246 views

CVE-2010-3190

CVE-2010-3190 affects the Microsoft Foundation Class (MFC) library used by Visual Studio (2003 SP1; 2005 SP1/2008 SP1/2010) and Exchange Server 2010/2013. Vulnerability arises from untrusted search path loading of dwmapi.dll in the current working directory, enabling local privilege escalation th...

9.3CVSS7.4AI score0.09038EPSS
CVE
CVE
added 2009/07/29 5:0 p.m.186 views

CVE-2009-2495

CVE-2009-2495 is part of the ATL mathing family addressed by Microsoft in MS09-035/MS09-060. The vulnerability is the ATL Null String Vulnerability, where an attacker could read memory beyond the end of a string due to improper termination in ATL-based components/controls built with Visual Studio...

7.8CVSS5.9AI score0.41869EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.160 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.157 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.152 views

CVE-2004-0200

CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...

9.3CVSS7.6AI score0.49024EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.146 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.129 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.118 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.108 views

CVE-2009-2496

CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...

9.3CVSS8AI score0.29462EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.105 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.103 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

9.3CVSS9.6AI score0.22205EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.101 views

CVE-2013-3129

CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...

9.3CVSS7.3AI score0.32378EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.94 views

CVE-2008-4254

CVE-2008-4254 describes a remote code execution vulnerability in the Microsoft Visual Basic 6.0 Runtime Extended Files Hierarchical FlexGrid ActiveX control (mshflxgd.ocx). The issue arises from multiple integer overflows in the Hierarchical FlexGrid control when manipulating the Rows/Cols proper...

8.5CVSS7.5AI score0.2206EPSS
CVE
CVE
added 2008/08/18 7:0 p.m.89 views

CVE-2008-3704

CVE-2008-3704 corresponds to a heap-based buffer overflow in the MaskedEdit ActiveX control (Msmask32.ocx) that occurs when a long Mask parameter is processed. The defect affects Msmask32.ocx version 6.0.81.69 and possibly earlier versions (up to 6.0.84.18), within Microsoft Visual Studio 6.0, Vi...

9.3CVSS7.7AI score0.55917EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.87 views

CVE-2008-4255

MODE_C: CVE-2008-4255 maps to a heap-based buffer overflow in MS MSCOMCT2.OCX (Visual Basic 6.0 ActiveX control) used by VB6 runtimes, Visual FoxPro, and Office Project components. The flaw occurs when parsing a malformed AVI stream, leading to memory corruption and remote code execution. Affecte...

9.3CVSS7.7AI score0.53703EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.86 views

CVE-2008-4256

The CVE-2008-4256 entry maps to the Charts ActiveX Control memory corruption vulnerability in Microsoft Visual Basic 6.0 runtime components (notably Mschart20.ocx) and related VB/FoxPro runtimes. The root cause is improper error handling when accessing incorrectly initialized objects, enabling re...

8.5CVSS7.3AI score0.20976EPSS
CVE
CVE
added 2005/08/19 4:0 a.m.85 views

CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

7.5CVSS7.8AI score0.63665EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.82 views

CVE-2004-0204

CVE-2004-0204 describes a directory traversal in Crystal Reports and Crystal Enterprise Web viewers redistributed with Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Microsoft Business Solutions CRM 1.2. The vulnerability arises from improper validation of HTTP...

7.5CVSS6.8AI score0.72993EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.78 views

CVE-2008-4252

CVE-2008-4252, -4253, -4254, -4255, -4256 describe memory corruption vulnerabilities in Visual Basic 6.0 ActiveX Controls (DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI Parsing, Charts, Masked Edit). Exploitation vector involves remote code execution by delivering a crafted web pa...

8.5CVSS7.3AI score0.20976EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.76 views

CVE-2008-4253

CVE-2008-4253 is a remote code execution vulnerability in the FlexGrid ActiveX control used by Visual Basic 6.0, Visual FoxPro 8.0 SP1/9.0 SP1/SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3. The issue arises when the ActiveX control handles errors during access to improperly initiali...

8.5CVSS7.3AI score0.20976EPSS
CVE
CVE
added 2008/03/11 11:0 p.m.72 views

CVE-2007-1201

CVE-2007-1201 is a remote code execution vulnerability in Microsoft Office Web Components 2000 related to the DataSource handling that can trigger memory corruption. Multiple sources describe the DataSource Vulnerability as allowing an attacker to execute arbitrary code in the user’s context by v...

9.3CVSS7.3AI score0.28734EPSS
CVE
CVE
added 2007/02/13 8:0 p.m.71 views

CVE-2007-0025

The CVE-2007-0025 family describes a stack-based buffer overflow in the MFC component (AfxOleSetEditMenu) of the MFC42u.dll used by Windows 2000 SP4, XP SP2, Server 2003 SP1, and Visual Studio .NET 2000/2002/2003/2003 SP1. A malformed OLE object in an RTF file triggers memory corruption, enabling...

9.3CVSS7.7AI score0.36509EPSS
CVE
CVE
added 2006/11/28 1:0 a.m.58 views

CVE-2006-6133

CVE-2006-6133 is a remote-code-execution flaw in Crystal Reports for Visual Studio, affecting Visual Studio 2002/2003/2005 variants that bundle Crystal Reports. The vulnerability lies in how RPT files are parsed, allowing a crafted RPT file to execute arbitrary code with the caller’s privileges w...

7.6CVSS7.8AI score0.5202EPSS
CVE
CVE
added 2007/03/20 10:0 a.m.55 views

CVE-2007-1512

The CVE-2007-1512 entry describes a stack-based overflow in the MFC component (AfxOleSetEditMenu) of MFC42u.dll when processing an RTF file with a malformed embedded OLE object. This affects Windows 2000 SP4, XP SP2, and Server 2003 SP1/Gold, and Visual Studio .NET 2000/2002/2003 families. The ov...

10CVSS7.1AI score0.1133EPSS