Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-11-18 CVE-2012-4956 Buffer Errors vulnerability in Novell File Reporter 1.0.2
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
network
low complexity
novell CWE-119
critical
10.0
2012-11-17 CVE-2012-5897 Permissions, Privileges, and Access Controls vulnerability in Quest Intrust
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
network
quest CWE-264
critical
9.3
2012-11-17 CVE-2012-5896 Unspecified vulnerability in Quest Intrust
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
network
low complexity
quest
critical
10.0
2012-11-17 CVE-2012-5895 Security vulnerability in Irods 2.5
Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.
network
low complexity
irods
critical
10.0
2012-11-14 CVE-2012-4953 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Antivirus, Endpoint Protection and Scan Engine
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.
network
symantec CWE-119
critical
9.3
2012-11-14 CVE-2012-3569 USE of Externally-Controlled Format String vulnerability in VMWare OVF Tool, Player and Workstation
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
network
vmware microsoft CWE-134
critical
9.3
2012-11-14 CVE-2012-2543 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Stack Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3
2012-11-14 CVE-2012-1887 Resource Management Errors vulnerability in Microsoft Excel and Office
Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
network
microsoft CWE-399
critical
9.3
2012-11-14 CVE-2012-1886 Buffer Errors vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer; and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
network
microsoft CWE-119
critical
9.3
2012-11-14 CVE-2012-1885 Buffer Errors vulnerability in Microsoft Excel, Office and Office Compatibility Pack
Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Office 2008 and 2011 for Mac; and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SerAuxErrBar Heap Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3