VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 329 of 549
  • CVE-2011-0103Apr 13, 2011
    risk 0.02cvss epss 0.25

    Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory…

  • CVE-2011-0101Apr 13, 2011
    risk 0.02cvss epss 0.30

    Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing…

  • CVE-2011-0034Apr 13, 2011
    risk 0.02cvss epss 0.28

    Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to…

  • CVE-2010-3954Dec 16, 2010
    risk 0.02cvss epss 0.21

    Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."

  • CVE-2010-3952Dec 16, 2010
    risk 0.02cvss epss 0.21

    The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix…

  • CVE-2010-3951Dec 16, 2010
    risk 0.02cvss epss 0.25

    Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow…

  • CVE-2010-3950Dec 16, 2010
    risk 0.02cvss epss 0.21

    The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an…

  • CVE-2010-3949Dec 16, 2010
    risk 0.02cvss epss 0.25

    Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."

  • CVE-2010-3947Dec 16, 2010
    risk 0.02cvss epss 0.29

    Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow…

  • CVE-2010-3945Dec 16, 2010
    risk 0.02cvss epss 0.25

    Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun…

  • CVE-2010-2570Dec 16, 2010
    risk 0.02cvss epss 0.25

    Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll…

  • CVE-2010-3336Nov 10, 2010
    risk 0.02cvss epss 0.24

    Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."

  • CVE-2010-3335Nov 10, 2010
    risk 0.02cvss epss 0.24

    Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption,…

  • CVE-2010-3334Nov 10, 2010
    risk 0.02cvss epss 0.25

    Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record…

  • CVE-2010-3214Oct 13, 2010
    risk 0.02cvss epss 0.25

    Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web…

  • CVE-2010-1902Aug 11, 2010
    risk 0.02cvss epss 0.23

    Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote…

  • CVE-2010-1882Aug 11, 2010
    risk 0.02cvss epss 0.23

    Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted…

  • CVE-2010-1850Jun 8, 2010
    risk 0.02cvss epss 0.22

    Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

  • CVE-2010-0479Apr 14, 2010
    risk 0.02cvss epss 0.23

    Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."

  • CVE-2010-0261Mar 10, 2010
    risk 0.02cvss epss 0.23

    Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up…