CVE-2006-0003 | Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. |
Severity | MEDIUM |
Base Score | 5.1 |
Impact Score | 6.4 |
Exploit Score | 4.9 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2008-2463 | The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. |
Severity | MEDIUM |
Base Score | 6.8 |
Impact Score | 6.4 |
Exploit Score | 8.6 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0188 | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0806 | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0840 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." |
Severity | HIGH |
Base Score | 7.5 |
Impact Score | 6.4 |
Exploit Score | 10.0 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-1885 | The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-4452 | Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-0558 | Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-0559 | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cause a parameter to be used as an object pointer, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-0611 | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-2462 | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-3521 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-3544 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|