Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3239 |
Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3238 |
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3237 |
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3236 |
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3235 |
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3234 |
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3233 |
Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3232 |
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3231 |
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3229 |
The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability." Published: October 13, 2010; 3:00:45 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2010-1322 |
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client. Published: October 07, 2010; 5:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2010-3631 |
Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Published: October 06, 2010; 1:00:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3629 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. Published: October 06, 2010; 1:00:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3627 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3626 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3624 |
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via a crafted image. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3620 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2889 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2888 |
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors. Published: October 06, 2010; 1:00:15 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3762 |
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. Published: October 05, 2010; 6:00:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |