| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5416 | 0.10 | — | 0.87 | Dec 10, 2008 | Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal… | |||
| CVE-2008-4841 | 0.06 | — | 0.43 | Dec 10, 2008 | The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild… | |||
| CVE-2008-4837 | 0.03 | — | 0.37 | Dec 10, 2008 | Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to… | |||
| CVE-2008-4269 | 0.02 | — | 0.21 | Dec 10, 2008 | The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search… | |||
| CVE-2008-4268 | 0.02 | — | 0.21 | Dec 10, 2008 | The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved… | |||
| CVE-2008-4266 | 0.02 | — | 0.28 | Dec 10, 2008 | Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME… | |||
| CVE-2008-4265 | 0.02 | — | 0.25 | Dec 10, 2008 | Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." | |||
| CVE-2008-4264 | 0.02 | — | 0.26 | Dec 10, 2008 | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter… | |||
| CVE-2008-4261 | 0.02 | — | 0.30 | Dec 10, 2008 | Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via… | |||
| CVE-2008-4260 | 0.02 | — | 0.19 | Dec 10, 2008 | Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||
| CVE-2008-4259 | 0.03 | — | 0.33 | Dec 10, 2008 | Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML… | |||
| CVE-2008-4258 | 0.01 | — | 0.18 | Dec 10, 2008 | Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory… | |||
| CVE-2008-4256 | 0.02 | — | 0.21 | Dec 10, 2008 | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary… | |||
| CVE-2008-4255 | 0.07 | — | 0.54 | Dec 10, 2008 | Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold… | |||
| CVE-2008-4254 | 0.02 | — | 0.22 | Dec 10, 2008 | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll… | |||
| CVE-2008-4253 | 0.02 | — | 0.21 | Dec 10, 2008 | The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to… | |||
| CVE-2008-4252 | 0.02 | — | 0.21 | Dec 10, 2008 | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related… | |||
| CVE-2008-4032 | 0.04 | — | 0.48 | Dec 10, 2008 | Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information,… | |||
| CVE-2008-4031 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format… | |||
| CVE-2008-4030 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via… | |||
| CVE-2008-4028 | 0.03 | — | 0.38 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format… | |||
| CVE-2008-4027 | 0.03 | — | 0.34 | Dec 10, 2008 | Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac… | |||
| CVE-2008-4026 | 0.02 | — | 0.23 | Dec 10, 2008 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow… | |||
| CVE-2008-4025 | 0.03 | — | 0.33 | Dec 10, 2008 | Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and… | |||
| CVE-2008-4024 | 0.02 | — | 0.29 | Dec 10, 2008 | Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary… | |||
| CVE-2008-3465 | Cri | 0.65 | 9.8 | 0.14 | Dec 10, 2008 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed… | ||
| CVE-2008-3010 | 0.01 | — | 0.15 | Dec 10, 2008 | Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through… | |||
| CVE-2008-3009 | 0.01 | — | 0.16 | Dec 10, 2008 | Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute… | |||
| CVE-2008-2249 | 0.02 | — | 0.31 | Dec 10, 2008 | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer… | |||
| CVE-2008-5409 | 0.04 | — | 0.11 | Dec 10, 2008 | Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or… | |||
| CVE-2008-5408 | 0.00 | — | 0.04 | Dec 10, 2008 | Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary… | |||
| CVE-2008-5407 | 0.00 | — | 0.03 | Dec 10, 2008 | Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via… | |||
| CVE-2008-5406 | 0.04 | — | 0.10 | Dec 10, 2008 | Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||
| CVE-2008-5405 | 0.07 | — | 0.47 | Dec 10, 2008 | Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | |||
| CVE-2008-5404 | 0.00 | — | 0.04 | Dec 10, 2008 | Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by… | |||
| CVE-2008-5403 | 0.01 | — | 0.08 | Dec 10, 2008 | Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag. | |||
| CVE-2008-5402 | 0.01 | — | 0.07 | Dec 10, 2008 | Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID." | |||
| CVE-2008-5401 | 0.01 | — | 0.08 | Dec 10, 2008 | Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing." | |||
| CVE-2008-5400 | 0.00 | — | 0.01 | Dec 10, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to… | |||
| CVE-2008-5399 | 0.00 | — | 0.01 | Dec 10, 2008 | Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2008-5414 | 0.00 | — | 0.02 | Dec 10, 2008 | Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken." | |||
| CVE-2008-5413 | 0.00 | — | 0.01 | Dec 10, 2008 | PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | |||
| CVE-2008-5412 | 0.00 | — | 0.02 | Dec 10, 2008 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | |||
| CVE-2008-5411 | 0.00 | — | 0.01 | Dec 10, 2008 | IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2008-5410 | 0.00 | — | 0.03 | Dec 10, 2008 | The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related… | |||
| CVE-2008-5305 | 0.03 | — | 0.05 | Dec 10, 2008 | Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | |||
| CVE-2008-5304 | 0.03 | — | 0.02 | Dec 10, 2008 | Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | |||
| CVE-2008-4311 | 0.00 | — | 0.00 | Dec 10, 2008 | The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving… | |||
| CVE-2008-5398 | 0.00 | — | 0.02 | Dec 9, 2008 | Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the… | |||
| CVE-2008-5397 | 0.00 | — | 0.00 | Dec 9, 2008 | Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. |
- CVE-2008-5416Dec 10, 2008risk 0.10cvss —epss 0.87
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal…
- CVE-2008-4841Dec 10, 2008risk 0.06cvss —epss 0.43
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild…
- CVE-2008-4837Dec 10, 2008risk 0.03cvss —epss 0.37
Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to…
- CVE-2008-4269Dec 10, 2008risk 0.02cvss —epss 0.21
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search…
- CVE-2008-4268Dec 10, 2008risk 0.02cvss —epss 0.21
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved…
- CVE-2008-4266Dec 10, 2008risk 0.02cvss —epss 0.28
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME…
- CVE-2008-4265Dec 10, 2008risk 0.02cvss —epss 0.25
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
- CVE-2008-4264Dec 10, 2008risk 0.02cvss —epss 0.26
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter…
- CVE-2008-4261Dec 10, 2008risk 0.02cvss —epss 0.30
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via…
- CVE-2008-4260Dec 10, 2008risk 0.02cvss —epss 0.19
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
- CVE-2008-4259Dec 10, 2008risk 0.03cvss —epss 0.33
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML…
- CVE-2008-4258Dec 10, 2008risk 0.01cvss —epss 0.18
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory…
- CVE-2008-4256Dec 10, 2008risk 0.02cvss —epss 0.21
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary…
- CVE-2008-4255Dec 10, 2008risk 0.07cvss —epss 0.54
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold…
- CVE-2008-4254Dec 10, 2008risk 0.02cvss —epss 0.22
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll…
- CVE-2008-4253Dec 10, 2008risk 0.02cvss —epss 0.21
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to…
- CVE-2008-4252Dec 10, 2008risk 0.02cvss —epss 0.21
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related…
- CVE-2008-4032Dec 10, 2008risk 0.04cvss —epss 0.48
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information,…
- CVE-2008-4031Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format…
- CVE-2008-4030Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via…
- CVE-2008-4028Dec 10, 2008risk 0.03cvss —epss 0.38
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format…
- CVE-2008-4027Dec 10, 2008risk 0.03cvss —epss 0.34
Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac…
- CVE-2008-4026Dec 10, 2008risk 0.02cvss —epss 0.23
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow…
- CVE-2008-4025Dec 10, 2008risk 0.03cvss —epss 0.33
Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and…
- CVE-2008-4024Dec 10, 2008risk 0.02cvss —epss 0.29
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary…
- risk 0.65cvss 9.8epss 0.14
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed…
- CVE-2008-3010Dec 10, 2008risk 0.01cvss —epss 0.15
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through…
- CVE-2008-3009Dec 10, 2008risk 0.01cvss —epss 0.16
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute…
- CVE-2008-2249Dec 10, 2008risk 0.02cvss —epss 0.31
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer…
- CVE-2008-5409Dec 10, 2008risk 0.04cvss —epss 0.11
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or…
- CVE-2008-5408Dec 10, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary…
- CVE-2008-5407Dec 10, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via…
- CVE-2008-5406Dec 10, 2008risk 0.04cvss —epss 0.10
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
- CVE-2008-5405Dec 10, 2008risk 0.07cvss —epss 0.47
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
- CVE-2008-5404Dec 10, 2008risk 0.00cvss —epss 0.04
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by…
- CVE-2008-5403Dec 10, 2008risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
- CVE-2008-5402Dec 10, 2008risk 0.01cvss —epss 0.07
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
- CVE-2008-5401Dec 10, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
- CVE-2008-5400Dec 10, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to…
- CVE-2008-5399Dec 10, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- CVE-2008-5414Dec 10, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
- CVE-2008-5413Dec 10, 2008risk 0.00cvss —epss 0.01
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434.
- CVE-2008-5412Dec 10, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.
- CVE-2008-5411Dec 10, 2008risk 0.00cvss —epss 0.01
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
- CVE-2008-5410Dec 10, 2008risk 0.00cvss —epss 0.03
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related…
- CVE-2008-5305Dec 10, 2008risk 0.03cvss —epss 0.05
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
- CVE-2008-5304Dec 10, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
- CVE-2008-4311Dec 10, 2008risk 0.00cvss —epss 0.00
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving…
- CVE-2008-5398Dec 9, 2008risk 0.00cvss —epss 0.02
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the…
- CVE-2008-5397Dec 9, 2008risk 0.00cvss —epss 0.00
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.