CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4551 CVE-2010-2902 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4552 CVE-2010-2901 119 DoS Overflow Mem. Corr. 2010-07-28 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The rendering implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4553 CVE-2010-2890 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
4554 CVE-2010-2884 DoS Exec Code Mem. Corr. 2010-09-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
4555 CVE-2010-2882 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
4556 CVE-2010-2881 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.
4557 CVE-2010-2880 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.
4558 CVE-2010-2879 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.
4559 CVE-2010-2878 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
4560 CVE-2010-2877 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.
4561 CVE-2010-2876 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
4562 CVE-2010-2875 189 DoS Exec Code Mem. Corr. 2010-08-26 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
4563 CVE-2010-2874 399 Exec Code Mem. Corr. 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.
4564 CVE-2010-2873 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
4565 CVE-2010-2872 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.
4566 CVE-2010-2871 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.
4567 CVE-2010-2870 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
4568 CVE-2010-2869 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3712 of a certain file.
4569 CVE-2010-2868 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x320D of a certain file.
4570 CVE-2010-2867 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to a "pointer offset vulnerability."
4571 CVE-2010-2866 189 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in the DIRAPI module in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a count value associated with an "undocumented structure" and the tSAC chunk in a Director movie.
4572 CVE-2010-2864 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C6 of a certain file.
4573 CVE-2010-2863 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
4574 CVE-2010-2839 399 DoS Mem. Corr. 2010-08-26 2010-09-09
7.8
None Remote Low Not required None None Complete
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
4575 CVE-2010-2808 119 DoS Exec Code Overflow Mem. Corr. 2010-08-19 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
4576 CVE-2010-2770 119 DoS Exec Code Overflow Mem. Corr. 2010-09-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.
4577 CVE-2010-2755 399 DoS Exec Code Mem. Corr. 2010-07-30 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
4578 CVE-2010-2750 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
4579 CVE-2010-2748 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
4580 CVE-2010-2747 94 Exec Code Mem. Corr. 2010-10-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
4581 CVE-2010-2745 94 Exec Code Mem. Corr. 2010-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
4582 CVE-2010-2738 20 Exec Code Mem. Corr. 2010-09-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
4583 CVE-2010-2651 119 DoS Overflow Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4584 CVE-2010-2648 310 DoS Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
4585 CVE-2010-2647 119 DoS Overflow Mem. Corr. 2010-07-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.
4586 CVE-2010-2588 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188.
4587 CVE-2010-2587 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188.
4588 CVE-2010-2581 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director file containing a crafted pamm chunk with an invalid (1) size and (2) number of sub-chunks, a different vulnerability than CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.
4589 CVE-2010-2571 20 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
4590 CVE-2010-2569 94 DoS Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
4591 CVE-2010-2567 94 Exec Code Mem. Corr. 2010-09-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
4592 CVE-2010-2564 94 DoS Exec Code Overflow Mem. Corr. 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
4593 CVE-2010-2563 94 Exec Code Mem. Corr. 2010-09-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
4594 CVE-2010-2562 94 DoS Exec Code Mem. Corr. 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
4595 CVE-2010-2561 94 DoS Exec Code Mem. Corr. 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."
4596 CVE-2010-2560 94 Exec Code Mem. Corr. 2010-08-11 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."
4597 CVE-2010-2559 94 Exec Code Mem. Corr. 2010-08-11 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
4598 CVE-2010-2558 362 DoS Exec Code Mem. Corr. 2010-08-11 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."
4599 CVE-2010-2557 94 Exec Code Mem. Corr. 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
4600 CVE-2010-2556 94 Exec Code Mem. Corr. 2010-08-11 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Total number of vulnerabilities : 5303   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 (This Page)93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.