VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 325 of 549
  • CVE-2013-3856Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

  • CVE-2013-3855Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

  • CVE-2013-3854Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3853.

  • CVE-2013-3853Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3854.

  • CVE-2013-3852Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

  • CVE-2013-3851Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption…

  • CVE-2013-3850Sep 11, 2013
    risk 0.02cvss epss 0.20

    Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."

  • CVE-2013-3849Sep 11, 2013
    risk 0.02cvss epss 0.21

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2013-3848Sep 11, 2013
    risk 0.02cvss epss 0.21

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2013-3847Sep 11, 2013
    risk 0.02cvss epss 0.21

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2013-3845Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2013-3209Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203,…

  • CVE-2013-3208Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2013-3207Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203,…

  • CVE-2013-3206Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203,…

  • CVE-2013-3204Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2013-3203Sep 11, 2013
    risk 0.02cvss epss 0.24

    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3206,…

  • CVE-2013-3202Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2013-3201Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206,…

  • CVE-2013-3158Sep 11, 2013
    risk 0.02cvss epss 0.19

    Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."