CVE-2006-0003 | Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. |
Severity | MEDIUM |
Base Score | 5.1 |
Impact Score | 6.4 |
Exploit Score | 4.9 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2007-5659 | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2008-0655 | Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2008-2992 | Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2008-5353 | The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2009-0927 | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2009-3867 | Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2009-4324 | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0188 | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0248 | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0840 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability." |
Severity | HIGH |
Base Score | 7.5 |
Impact Score | 6.4 |
Exploit Score | 10.0 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0842 | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. |
Severity | HIGH |
Base Score | 7.5 |
Impact Score | 6.4 |
Exploit Score | 10.0 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-0866 | Unspecified vulnerability in the JavaVM component in Oracle Database 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
Severity | MEDIUM |
Base Score | 6.5 |
Impact Score | 6.4 |
Exploit Score | 8.0 |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Access Vector | |
Authentication | SINGLE |
Ease of Access | |
|
|
CVE-2010-1240 | Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2010-1297 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-2110 | Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-2140 | Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-2371 | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-3544 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2011-3659 | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2012-0500 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2012-0507 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. |
Severity | HIGH |
Base Score | 10.0 |
Impact Score | 10.0 |
Exploit Score | 10.0 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|
CVE-2012-0779 | Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. |
Severity | HIGH |
Base Score | 9.3 |
Impact Score | 10.0 |
Exploit Score | 8.6 |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Access Vector | |
Authentication | NONE |
Ease of Access | |
|
|