Vulnerabilities > Microsoft > Windows > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-12 | CVE-2009-1564 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in VMWare products Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VMware Server 2.x on Windows, allows remote attackers to execute arbitrary code via an AVI file with crafted video chunks that use HexTile encoding. | 9.3 |
2010-04-05 | CVE-2010-1241 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat Reader Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. | 9.3 |
2010-04-05 | CVE-2010-1240 | Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat Reader 9.3.1 Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message. | 9.3 |
2010-04-05 | CVE-2009-4764 | Code Injection vulnerability in Adobe Acrobat Reader Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document. | 9.3 |
2010-03-26 | CVE-2009-4741 | Unspecified vulnerability in EasyBits Extras Manager Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors. | 10.0 |
2010-03-25 | CVE-2010-1119 | Resource Management Errors vulnerability in Apple products Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | 10.0 |
2010-03-15 | CVE-2010-0045 | Improper Input Validation vulnerability in Apple Safari Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | 9.3 |
2010-03-15 | CVE-2010-0043 | Code Injection vulnerability in Apple Safari ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | 9.3 |
2010-03-15 | CVE-2010-0040 | Numeric Errors vulnerability in Apple Safari Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow. | 9.3 |
2010-02-26 | CVE-2009-4654 | Buffer Errors vulnerability in Novell Edirectory 8.8 Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk. | 9.0 |