Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2010-11-10 CVE-2010-2572 Classic Buffer Overflow vulnerability in Microsoft Powerpoint 2002/2003
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
local
low complexity
microsoft CWE-120
7.8
2010-11-06 CVE-2010-4206 Out-of-bounds Write vulnerability in multiple products
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
network
low complexity
google webkitgtk fedoraproject CWE-787
8.8
2010-11-06 CVE-2010-4205 Unspecified vulnerability in Google Chrome
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google
critical
9.8
2010-11-06 CVE-2010-4204 WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google webkitgtk fedoraproject
critical
9.8
2010-11-06 CVE-2010-4203 Integer Overflow or Wraparound vulnerability in multiple products
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
network
low complexity
google webmproject redhat CWE-190
critical
9.8
2010-11-06 CVE-2010-4202 Integer Overflow or Wraparound vulnerability in Google Chrome
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
network
low complexity
google CWE-190
critical
9.8
2010-11-06 CVE-2010-4201 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
network
low complexity
google CWE-416
critical
9.8
2010-11-06 CVE-2010-4199 Improper Input Validation vulnerability in multiple products
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
network
low complexity
google debian CWE-20
8.8
2010-11-06 CVE-2010-4198 Improper Input Validation vulnerability in multiple products
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
network
low complexity
google webkitgtk fedoraproject CWE-20
8.8
2010-11-06 CVE-2010-4197 Use After Free vulnerability in multiple products
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
network
low complexity
google webkitgtk fedoraproject CWE-416
critical
9.8