Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-07-21 CVE-2009-2556 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
network
google CWE-119
critical
9.3
2009-07-21 CVE-2009-2555 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome and V8
Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
network
google CWE-119
critical
9.3
2009-07-20 CVE-2009-2548 USE of Externally-Controlled Format String vulnerability in Bistudio Arma and Arma 2
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a join request, which is not properly handled when logging an error message.
network
low complexity
bistudio CWE-134
critical
10.0
2009-07-20 CVE-2009-2543 Unspecified vulnerability in IBM products
Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allow remote attackers to bypass detection of malware via a modified (1) ZIP or (2) CAB archive, a related issue to CVE-2009-1240.
network
low complexity
ibm
critical
10.0
2009-07-16 CVE-2009-2485 Buffer Errors vulnerability in Tingan Ht-Mp3Player 1.0
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
network
tingan CWE-119
critical
9.3
2009-07-16 CVE-2009-2047 Path Traversal vulnerability in Cisco products
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
network
low complexity
cisco CWE-22
critical
9.0
2009-07-15 CVE-2009-2477 Code Injection vulnerability in Mozilla Firefox 3.5
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
network
mozilla CWE-94
critical
9.3
2009-07-15 CVE-2009-1542 Permissions, Privileges, and Access Controls vulnerability in Microsoft Virtual PC and Virtual Server
The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
network
low complexity
microsoft CWE-264
critical
9.0
2009-07-15 CVE-2009-1539 Code Injection vulnerability in Microsoft products
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
network
microsoft CWE-94
critical
9.3
2009-07-15 CVE-2009-1538 Improper Input Validation vulnerability in Microsoft products
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
network
microsoft CWE-20
critical
9.3