CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 328 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-1885 | 0.02 | — | 0.29 | Nov 14, 2012 | Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow… | |||
| CVE-2012-2550 | 0.02 | — | 0.22 | Oct 9, 2012 | Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability." | |||
| CVE-2012-2524 | 0.02 | — | 0.20 | Aug 15, 2012 | Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." | |||
| CVE-2012-1888 | 0.02 | — | 0.24 | Aug 15, 2012 | Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability." | |||
| CVE-2012-1853 | 0.02 | — | 0.29 | Aug 15, 2012 | Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack… | |||
| CVE-2012-1852 | 0.02 | — | 0.29 | Aug 15, 2012 | Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap… | |||
| CVE-2012-1526 | 0.02 | — | 0.20 | Aug 15, 2012 | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." | |||
| CVE-2012-0162 | 0.02 | — | 0.22 | May 9, 2012 | Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." | |||
| CVE-2012-0141 | 0.02 | — | 0.22 | May 9, 2012 | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2012-0177 | 0.02 | — | 0.30 | Apr 10, 2012 | Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability." | |||
| CVE-2012-1337 | 0.02 | — | 0.24 | Apr 5, 2012 | Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than… | |||
| CVE-2012-1545 | 0.02 | — | 0.20 | Mar 9, 2012 | Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at… | |||
| CVE-2012-0150 | 0.02 | — | 0.24 | Feb 14, 2012 | Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability." | |||
| CVE-2011-1990 | 0.02 | — | 0.20 | Sep 15, 2011 | Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which… | |||
| CVE-2011-1987 | 0.02 | — | 0.20 | Sep 15, 2011 | Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for… | |||
| CVE-2011-1970 | 0.02 | — | 0.23 | Aug 10, 2011 | The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory… | |||
| CVE-2011-1867 | 0.02 | — | 0.26 | Jul 11, 2011 | Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to… | |||
| CVE-2011-1720 | 0.02 | — | 0.22 | May 13, 2011 | The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a… | |||
| CVE-2011-1732 | 0.02 | — | 0.25 | May 7, 2011 | Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message. | |||
| CVE-2011-1243 | 0.02 | — | 0.29 | Apr 13, 2011 | The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability." |
- CVE-2012-1885Nov 14, 2012risk 0.02cvss —epss 0.29
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow…
- CVE-2012-2550Oct 9, 2012risk 0.02cvss —epss 0.22
Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability."
- CVE-2012-2524Aug 15, 2012risk 0.02cvss —epss 0.20
Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
- CVE-2012-1888Aug 15, 2012risk 0.02cvss —epss 0.24
Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
- CVE-2012-1853Aug 15, 2012risk 0.02cvss —epss 0.29
Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack…
- CVE-2012-1852Aug 15, 2012risk 0.02cvss —epss 0.29
Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap…
- CVE-2012-1526Aug 15, 2012risk 0.02cvss —epss 0.20
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
- CVE-2012-0162May 9, 2012risk 0.02cvss —epss 0.22
Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
- CVE-2012-0141May 9, 2012risk 0.02cvss —epss 0.22
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted…
- CVE-2012-0177Apr 10, 2012risk 0.02cvss —epss 0.30
Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
- CVE-2012-1337Apr 5, 2012risk 0.02cvss —epss 0.24
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than…
- CVE-2012-1545Mar 9, 2012risk 0.02cvss —epss 0.20
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at…
- CVE-2012-0150Feb 14, 2012risk 0.02cvss —epss 0.24
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
- CVE-2011-1990Sep 15, 2011risk 0.02cvss —epss 0.20
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which…
- CVE-2011-1987Sep 15, 2011risk 0.02cvss —epss 0.20
Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for…
- CVE-2011-1970Aug 10, 2011risk 0.02cvss —epss 0.23
The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory…
- CVE-2011-1867Jul 11, 2011risk 0.02cvss —epss 0.26
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to…
- CVE-2011-1720May 13, 2011risk 0.02cvss —epss 0.22
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a…
- CVE-2011-1732May 7, 2011risk 0.02cvss —epss 0.25
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
- CVE-2011-1243Apr 13, 2011risk 0.02cvss —epss 0.29
The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."