CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5151 CVE-2007-1435 DoS Overflow Mem. Corr. 2007-03-13 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5152 CVE-2007-1347 119 DoS Overflow Mem. Corr. 2007-03-08 2017-10-10
7.1
None Remote Medium Not required None None Complete
Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
5153 CVE-2007-1214 119 Exec Code Overflow Mem. Corr. 2007-05-08 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
5154 CVE-2007-1205 Exec Code Mem. Corr. 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
5155 CVE-2007-1204 119 Exec Code Overflow Mem. Corr. 2007-04-10 2018-10-16
6.8
Admin Local Network High Not required Complete Complete Complete
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.
5156 CVE-2007-1203 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
5157 CVE-2007-1201 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
5158 CVE-2007-1092 Exec Code Mem. Corr. 2007-02-26 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
5159 CVE-2007-1008 DoS Mem. Corr. 2007-02-19 2018-10-16
2.6
None Remote High Not required None None Partial
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
5160 CVE-2007-1003 Exec Code Overflow Mem. Corr. 2007-04-05 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
5161 CVE-2007-0947 399 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
5162 CVE-2007-0946 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
5163 CVE-2007-0945 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
5164 CVE-2007-0944 Exec Code Mem. Corr. 2007-05-08 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
5165 CVE-2007-0943 Exec Code Mem. Corr. 2007-08-14 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
5166 CVE-2007-0938 Exec Code Mem. Corr. 2007-04-10 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
5167 CVE-2007-0936 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
5168 CVE-2007-0934 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
5169 CVE-2007-0777 119 DoS Exec Code Overflow Mem. Corr. 2007-02-26 2018-10-19
9.3
Admin Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
5170 CVE-2007-0734 119 Exec Code Overflow Mem. Corr. 2007-04-10 2017-07-28
5.4
None Local Network Medium Not required Partial Partial Partial
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.
5171 CVE-2007-0733 DoS Exec Code Mem. Corr. 2007-03-13 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
5172 CVE-2007-0721 Exec Code Mem. Corr. 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
5173 CVE-2007-0718 119 DoS Exec Code Overflow Mem. Corr. 2007-03-05 2018-10-16
5.8
None Remote Medium Not required None Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.
5174 CVE-2007-0686 DoS Mem. Corr. 2007-02-02 2017-10-18
7.1
None Remote Medium Not required None None Complete
The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
5175 CVE-2007-0653 Exec Code Overflow Mem. Corr. 2007-03-21 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
5176 CVE-2007-0619 Exec Code Mem. Corr. 2007-01-31 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
5177 CVE-2007-0588 DoS Exec Code Mem. Corr. 2007-01-30 2013-08-15
7.1
None Remote Medium Not required None None Complete
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
5178 CVE-2007-0515 DoS Exec Code Mem. Corr. 2007-01-25 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
5179 CVE-2007-0466 Exec Code Mem. Corr. 2007-01-30 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
5180 CVE-2007-0462 DoS Exec Code Mem. Corr. 2007-01-25 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
5181 CVE-2007-0430 DoS Mem. Corr. 2007-01-22 2018-10-16
4.9
None Local Low Not required None None Complete
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
5182 CVE-2007-0251 Mem. Corr. 2007-01-16 2018-10-16
7.8
None Remote Low Not required None None Complete
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.
5183 CVE-2007-0243 119 Overflow +Priv Mem. Corr. 2007-01-17 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
5184 CVE-2007-0218 94 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
5185 CVE-2007-0215 Exec Code Overflow Mem. Corr. 2007-05-08 2018-10-16
7.6
Admin Remote High Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
5186 CVE-2007-0209 94 Exec Code Mem. Corr. 2007-02-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
5187 CVE-2007-0197 20 DoS Exec Code Mem. Corr. 2007-01-11 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
5188 CVE-2007-0104 20 DoS Exec Code Mem. Corr. 2007-01-08 2018-10-16
6.8
None Remote Medium Not required Partial Partial Partial
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
5189 CVE-2007-0103 20 DoS Exec Code Mem. Corr. 2007-01-08 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
5190 CVE-2007-0102 20 DoS Exec Code Mem. Corr. 2007-01-08 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
5191 CVE-2007-0099 362 DoS Exec Code Mem. Corr. 2007-01-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
5192 CVE-2007-0069 DoS Exec Code Mem. Corr. 2008-01-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
5193 CVE-2007-0038 119 DoS Exec Code Overflow Mem. Corr. 2007-03-30 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
5194 CVE-2007-0034 119 Exec Code Overflow Mem. Corr. 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
5195 CVE-2007-0027 Exec Code Mem. Corr. 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
5196 CVE-2007-0026 Exec Code Mem. Corr. 2007-02-13 2018-10-12
7.6
Admin Remote High Not required Complete Complete Complete
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
5197 CVE-2007-0025 94 Exec Code Overflow Mem. Corr. 2007-02-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
5198 CVE-2006-6876 DoS Overflow Mem. Corr. 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.
5199 CVE-2006-6854 Exec Code Mem. Corr. 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
5200 CVE-2006-6810 DoS Mem. Corr. 2006-12-29 2017-07-28
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
Total number of vulnerabilities : 5303   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 (This Page)105 106 107
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.