CVEs from 2012
Total
5,200
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
3.2%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3600 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3599 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3597 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3596 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3595 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3594 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3593 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3592 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3591 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-3589 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-1520 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-0683 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-0682 | critical | — | 9.3 | 14y ago | WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differen… | |||
| CVE-2012-1958 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before … | |||
| CVE-2012-1953 | critical | — | 9.3 | 14y ago | The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey… | |||
| CVE-2012-1952 | critical | — | 9.3 | 14y ago | The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.1… | |||
| CVE-2012-1949 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of ser… | |||
| CVE-2012-1948 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and S… | |||
| CVE-2012-2844 | critical | — | 9.3 | 14y ago | The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly h… | |||
| CVE-2012-1661 | critical | — | 9.3 | 14y ago | ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a c… | |||
| CVE-2012-1524 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Exec… | |||
| CVE-2012-1522 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Executi… | |||
| CVE-2012-3585 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS f… | |||
| CVE-2012-3841 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current w… | |||
| CVE-2012-3057 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1… | |||
| CVE-2012-3056 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows rem… | |||
| CVE-2012-3055 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP… | |||
| CVE-2012-3054 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1… | |||
| CVE-2012-3053 | critical | — | 9.3 | 14y ago | Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 a… | |||
| CVE-2012-2834 | critical | — | 9.3 | 14y ago | Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. | |||
| CVE-2012-0187 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||
| CVE-2012-1616 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary cod… | |||
| CVE-2012-2493 | critical | — | 9.3 | 14y ago | The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linu… | |||
| CVE-2012-2091 | critical | — | 9.3 | 14y ago | Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a… | |||
| CVE-2012-2090 | critical | — | 9.3 | 14y ago | Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code … | |||
| CVE-2012-0212 | critical | — | 9.3 | 14y ago | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. | |||
| CVE-2012-0211 | critical | — | 9.3 | 14y ago | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.o… | |||
| CVE-2012-0210 | critical | — | 9.3 | 14y ago | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes… | |||
| CVE-2012-3288 | critical | — | 9.3 | 14y ago | VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through … | |||
| CVE-2012-3556 | critical | — | 9.3 | 14y ago | Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to condu… | |||
| CVE-2012-1881 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote… | |||
| CVE-2012-1880 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code E… | |||
| CVE-2012-1878 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Even… | |||
| CVE-2012-1877 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Re… | |||
| CVE-2012-1874 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Too… | |||
| CVE-2012-1855 | critical | — | 9.3 | 14y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application… | |||
| CVE-2012-1849 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonst… | |||
| CVE-2012-1523 | critical | — | 9.3 | 14y ago | Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote C… | |||
| CVE-2012-0173 | critical | — | 9.3 | 14y ago | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 d… | |||
| CVE-2012-0677 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | |||
| CVE-2012-2040 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on … | |||
| CVE-2012-2039 | critical | — | 9.3 | 14y ago | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and be… | |||
| CVE-2012-2037 | critical | — | 9.3 | 14y ago | Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and be… | |||
| CVE-2012-2036 | critical | — | 9.3 | 14y ago | Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android… | |||
| CVE-2012-2035 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10… | |||
| CVE-2012-0985 | critical | — | 9.3 | 14y ago | Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Conn… | |||
| CVE-2012-3105 | critical | — | 9.3 | 14y ago | The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMon… | |||
| CVE-2012-1947 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, an… | |||
| CVE-2012-1946 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x bef… | |||
| CVE-2012-1941 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird E… | |||
| CVE-2012-1940 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.… | |||
| CVE-2012-1939 | critical | — | 9.3 | 14y ago | jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory… | |||
| CVE-2012-1938 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memo… | |||
| CVE-2012-1937 | critical | — | 9.3 | 14y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and S… | |||
| CVE-2012-0295 | critical | — | 9.3 | 14y ago | The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by le… | |||
| CVE-2012-2411 | critical | — | 9.3 | 14y ago | Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. | |||
| CVE-2012-2406 | critical | — | 9.3 | 14y ago | RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via… | |||
| CVE-2012-0671 | critical | — | 9.3 | 14y ago | Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. | |||
| CVE-2012-0670 | critical | — | 9.3 | 14y ago | Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. | |||
| CVE-2012-0669 | critical | — | 9.3 | 14y ago | Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson en… | |||
| CVE-2012-0668 | critical | — | 9.3 | 14y ago | Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. | |||
| CVE-2012-0667 | critical | — | 9.3 | 14y ago | Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file. | |||
| CVE-2012-0666 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Q… | |||
| CVE-2012-0665 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encod… | |||
| CVE-2012-0664 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a … | |||
| CVE-2012-0265 | critical | — | 9.3 | 14y ago | Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a … | |||
| CVE-2012-0685 | critical | — | 9.3 | 14y ago | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | |||
| CVE-2012-0684 | critical | — | 9.3 | 14y ago | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | |||
| CVE-2012-2028 | critical | — | 9.3 | 14y ago | Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2012-2027 | critical | — | 9.3 | 14y ago | Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. | |||
| CVE-2012-1847 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the openi… | |||
| CVE-2012-0185 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a c… | |||
| CVE-2012-0184 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the openi… | |||
| CVE-2012-0183 | critical | — | 9.3 | 14y ago | Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (me… | |||
| CVE-2012-0176 | critical | — | 9.3 | 14y ago | Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-F… | |||
| CVE-2012-0167 | critical | — | 9.3 | 14y ago | Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document… | |||
| CVE-2012-0165 | critical | — | 9.3 | 14y ago | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attacke… | |||
| CVE-2012-0162 | critical | — | 9.3 | 14y ago | Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Fram… | |||
| CVE-2012-0161 | critical | — | 9.3 | 14y ago | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data… | |||
| CVE-2012-0160 | critical | — | 9.3 | 14y ago | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XA… | |||
| CVE-2012-0159 | critical | — | 9.3 | 14y ago | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP… | |||
| CVE-2012-0143 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Exc… | |||
| CVE-2012-0142 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of fil… | |||
| CVE-2012-0141 | critical | — | 9.3 | 14y ago | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of fil… | |||
| CVE-2012-0018 | critical | — | 9.3 | 14y ago | Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory … | |||
| CVE-2012-0736 | critical | — | 9.3 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||
| CVE-2012-1819 | critical | — | 9.3 | 14y ago | Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||
| CVE-2012-0269 | critical | — | 9.3 | 14y ago | Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and… | |||
| CVE-2012-1144 | critical | — | 9.3 | 14y ago | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or… | |||
| CVE-2012-1142 | critical | — | 9.3 | 14y ago | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or… |