Security Vulnerabilities, CVEs, Published In 2010 (Overflow)
CVE-2010-4344
Known exploited
Public exploit
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Max CVSS
9.3
EPSS Score
93.07%
Published
2010-12-14
Updated
2023-02-13
CISA KEV Added
2022-03-25
CVE-2010-4321
Public exploit
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
Max CVSS
9.3
EPSS Score
48.34%
Published
2010-12-30
Updated
2011-09-21
CVE-2010-4221
Public exploit
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
Max CVSS
10.0
EPSS Score
96.41%
Published
2010-11-09
Updated
2011-09-15
CVE-2010-4142
Public exploit
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
Max CVSS
10.0
EPSS Score
44.49%
Published
2010-11-02
Updated
2010-11-04
CVE-2010-3972
Public exploit
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
96.84%
Published
2010-12-23
Updated
2021-02-05
CVE-2010-3970
Public exploit
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
Max CVSS
9.3
EPSS Score
97.31%
Published
2010-12-22
Updated
2023-12-07
CVE-2010-3765
Public exploit
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Max CVSS
9.3
EPSS Score
97.09%
Published
2010-10-28
Updated
2017-09-19
CVE-2010-3747
Public exploit
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
Max CVSS
9.3
EPSS Score
95.60%
Published
2010-10-19
Updated
2011-09-22
CVE-2010-3654
Public exploit
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Max CVSS
9.3
EPSS Score
97.38%
Published
2010-10-29
Updated
2017-09-19
CVE-2010-3653
Public exploit
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
90.86%
Published
2010-10-26
Updated
2017-09-19
CVE-2010-3407
Public exploit
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
Max CVSS
9.3
EPSS Score
93.65%
Published
2010-09-16
Updated
2018-10-10
CVE-2010-3333
Known exploited
Public exploit
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
Max CVSS
9.3
EPSS Score
97.31%
Published
2010-11-10
Updated
2018-10-12
CISA KEV Added
2022-03-03
CVE-2010-2883
Known exploited
Public exploit
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
80.94%
Published
2010-09-09
Updated
2018-10-30
CISA KEV Added
2022-06-08
CVE-2010-2709
Public exploit
Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie.
Max CVSS
9.3
EPSS Score
96.20%
Published
2010-08-05
Updated
2017-08-17
CVE-2010-2703
Public exploit
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
Max CVSS
10.0
EPSS Score
96.12%
Published
2010-07-28
Updated
2018-10-10
CVE-2010-2590
Public exploit
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
Max CVSS
9.3
EPSS Score
90.76%
Published
2010-12-22
Updated
2018-10-10
CVE-2010-2343
Public exploit
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
Max CVSS
9.3
EPSS Score
94.85%
Published
2010-06-21
Updated
2017-08-17
CVE-2010-2309
Public exploit
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
Max CVSS
7.5
EPSS Score
89.62%
Published
2010-06-16
Updated
2010-06-17
CVE-2010-2227
Public exploit
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Max CVSS
6.4
EPSS Score
63.65%
Published
2010-07-13
Updated
2019-03-25
CVE-2010-2063
Public exploit
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Max CVSS
7.5
EPSS Score
97.18%
Published
2010-06-17
Updated
2023-02-13
CVE-2010-1964
Public exploit
Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
Max CVSS
7.5
EPSS Score
96.38%
Published
2010-06-17
Updated
2018-10-10
CVE-2010-1961
Public exploit
Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified variables to jovgraph.exe, which are not properly handled in a call to the sprintf function.
Max CVSS
10.0
EPSS Score
83.29%
Published
2010-06-10
Updated
2018-10-10
CVE-2010-1960
Public exploit
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
Max CVSS
10.0
EPSS Score
83.29%
Published
2010-06-10
Updated
2018-10-10
CVE-2010-1899
Public exploit
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Max CVSS
4.3
EPSS Score
96.96%
Published
2010-09-15
Updated
2021-02-05
CVE-2010-1799
Public exploit
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
Max CVSS
9.3
EPSS Score
36.47%
Published
2010-08-16
Updated
2018-10-30