Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condit…
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initia…
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image.
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT im…
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie fi…
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC at…
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstra…
Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via u…
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption…
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbit…
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion …
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Make…
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbit…
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute ar…
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial …
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2,…
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, W…
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malfor…
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packe…
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulati…
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement pa…
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges vi…
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, a…
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Ov…
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, a…
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, a…
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB c…
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle atta…
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and…
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly…
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i…
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini…
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly …
Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbit…
Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is cu…
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted …
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 a…
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a craf…
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow dur…
