CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9101 CVE-2012-0245 119 Exec Code Overflow 2012-03-09 2012-10-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
9102 CVE-2012-0243 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
9103 CVE-2012-0242 134 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
9104 CVE-2012-0240 287 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
9105 CVE-2012-0238 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
9106 CVE-2012-0231 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
9107 CVE-2012-0230 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.
9108 CVE-2012-0229 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.
9109 CVE-2012-0227 119 DoS Exec Code Overflow 2012-10-12 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method.
9110 CVE-2012-0224 +Priv 2012-02-21 2012-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223.
9111 CVE-2012-0223 +Priv 2012-02-22 2012-02-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224.
9112 CVE-2012-0212 20 Exec Code 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
9113 CVE-2012-0211 20 Exec Code 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.
9114 CVE-2012-0210 20 Exec Code +Info 2012-06-15 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
9115 CVE-2012-0208 2012-05-03 2013-10-10
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.
9116 CVE-2012-0204 +Priv 2013-01-31 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
9117 CVE-2012-0202 119 DoS Exec Code Overflow 2012-05-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
9118 CVE-2012-0201 119 2 Exec Code Overflow 2012-03-02 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
9119 CVE-2012-0198 Exec Code Overflow 2012-03-05 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
9120 CVE-2012-0192 189 Exec Code Overflow 2012-01-23 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
9121 CVE-2012-0190 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
9122 CVE-2012-0189 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.
9123 CVE-2012-0188 Exec Code 2012-01-18 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.
9124 CVE-2012-0187 +Priv 2012-06-22 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.
9125 CVE-2012-0185 264 Exec Code Overflow 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
9126 CVE-2012-0184 264 Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
9127 CVE-2012-0183 DoS Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
9128 CVE-2012-0182 94 Exec Code Mem. Corr. 2012-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
9129 CVE-2012-0177 119 Exec Code Overflow 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
9130 CVE-2012-0176 399 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability."
9131 CVE-2012-0175 94 Exec Code 2012-07-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
9132 CVE-2012-0173 94 Exec Code 2012-06-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
9133 CVE-2012-0172 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."
9134 CVE-2012-0171 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
9135 CVE-2012-0170 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."
9136 CVE-2012-0169 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
9137 CVE-2012-0167 20 Exec Code Overflow 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
9138 CVE-2012-0165 20 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
9139 CVE-2012-0163 20 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
9140 CVE-2012-0162 119 Exec Code Overflow 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
9141 CVE-2012-0161 20 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
9142 CVE-2012-0160 20 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
9143 CVE-2012-0159 399 Exec Code 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
9144 CVE-2012-0158 94 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
9145 CVE-2012-0155 94 Exec Code 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
9146 CVE-2012-0151 20 Exec Code 2012-04-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
9147 CVE-2012-0150 119 Exec Code Overflow 2012-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
9148 CVE-2012-0143 399 Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
9149 CVE-2012-0142 399 Exec Code Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability."
9150 CVE-2012-0141 119 Exec Code Overflow Mem. Corr. 2012-05-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.