CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9451 CVE-2010-3403 Exec Code 2010-09-16 2010-09-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file.
9452 CVE-2010-3402 Exec Code 2010-09-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.
9453 CVE-2010-3398 2010-09-15 2010-09-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W.
9454 CVE-2010-3397 Exec Code 2010-09-15 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tsp.dll or tvttsp.dll that is located in the same folder as a .p12, .pem, .pgp, .prk, .prvkr, .pubkr, .rnd, or .skr file.
9455 CVE-2010-3346 94 Exec Code Mem. Corr. 2010-12-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9456 CVE-2010-3345 94 Exec Code Mem. Corr. 2010-12-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
9457 CVE-2010-3343 94 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
9458 CVE-2010-3340 94 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
9459 CVE-2010-3337 +Priv 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
9460 CVE-2010-3336 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
9461 CVE-2010-3335 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
9462 CVE-2010-3334 119 Exec Code Overflow Mem. Corr. 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
9463 CVE-2010-3333 119 Exec Code Overflow 2010-11-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
9464 CVE-2010-3331 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9465 CVE-2010-3329 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
9466 CVE-2010-3328 399 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
9467 CVE-2010-3326 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9468 CVE-2010-3311 189 DoS Exec Code Overflow 2011-01-07 2012-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
9469 CVE-2010-3276 119 Exec Code Overflow 2011-03-28 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.
9470 CVE-2010-3275 119 2 Exec Code Overflow 2011-03-28 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
9471 CVE-2010-3269 119 Exec Code Overflow 2011-02-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.
9472 CVE-2010-3258 399 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors.
9473 CVE-2010-3257 399 DoS Exec Code 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
9474 CVE-2010-3255 20 DoS Mem. Corr. 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9475 CVE-2010-3254 189 DoS 2010-09-07 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9476 CVE-2010-3253 399 DoS Mem. Corr. 2010-09-07 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
9477 CVE-2010-3252 399 DoS 2010-09-07 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
9478 CVE-2010-3249 399 DoS 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue.
9479 CVE-2010-3242 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
9480 CVE-2010-3241 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
9481 CVE-2010-3240 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
9482 CVE-2010-3239 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
9483 CVE-2010-3238 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
9484 CVE-2010-3237 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
9485 CVE-2010-3236 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
9486 CVE-2010-3235 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
9487 CVE-2010-3234 20 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
9488 CVE-2010-3233 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
9489 CVE-2010-3232 20 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."
9490 CVE-2010-3231 20 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
9491 CVE-2010-3230 189 Exec Code Overflow 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
9492 CVE-2010-3228 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
9493 CVE-2010-3227 119 1 Exec Code Overflow 2010-10-26 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
9494 CVE-2010-3221 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
9495 CVE-2010-3220 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
9496 CVE-2010-3219 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
9497 CVE-2010-3218 94 Exec Code Overflow 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
9498 CVE-2010-3217 399 Exec Code 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
9499 CVE-2010-3216 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
9500 CVE-2010-3215 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.