CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,002 vulnerabilities with CWE-119
CVE-2017-0090 HIGH
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1 - Remote Code Execution via Uniscribe
CVSS 8.8
CVE-2017-0089 HIGH
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
CVSS 8.8
CVE-2017-0088 HIGH
Windows Uniscribe in Vista SP2, Server 2008 SP2/R2 SP1, and 7 SP1 - Remote Code Execution
CVSS 8.8
CVE-2017-0087 HIGH
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
CVSS 8.8
CVE-2017-0086 HIGH
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, and 7 SP1 - Remote Code Execution via Uniscribe
CVSS 8.8
CVE-2017-0084 HIGH
Windows Uniscribe - Remote Code Execution via Crafted Website
CVSS 8.8
CVE-2017-0083 HIGH
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, and 7 SP1 - Remote Code Execution via Uniscribe
CVSS 8.8
CVE-2017-0072 HIGH
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 - Remote Code Execution
CVSS 8.8
CVE-2017-0071 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-0067 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-0053 HIGH
Microsoft Office - Remote Code Execution via Crafted Document
CVSS 7.8
CVE-2017-0052 HIGH
Microsoft Excel - Remote Code Execution via Crafted Document
CVSS 7.8
CVE-2017-0040 HIGH
Internet Explorer 9-11 - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2017-0035 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-0034 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2017-0032 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-0031 HIGH
Microsoft Office 2010 SP2, Word 2007 SP3, and Word 2010 SP2 - Remote Code Execution via Crafted Document
CVSS 7.8
CVE-2017-0030 HIGH
Microsoft Office/Word 2007/2010 RCE via Crafted Document
CVSS 7.8
CVE-2017-0023 HIGH
Microsoft Edge PDF Library - Remote Code Execution via Crafted PDF File
CVSS 7.5
CVE-2017-0022 MEDIUM KEV
Microsoft XML Core Services - Information Disclosure via Memory Object Handling
CVSS 6.5
CVE-2017-0020 HIGH
Microsoft Excel 2016/2010 SP2/2013 RT SP1 & Office Web Apps Server 2013 SP1 - RCE via Crafted Document
CVSS 7.8
CVE-2017-0019 HIGH
Microsoft Word 2016 - Remote Code Execution or Denial of Service via Crafted Document
CVSS 7.8
CVE-2017-0018 HIGH
Internet Explorer 10 and 11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2017-0015 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-0006 HIGH
Microsoft Excel 2007 SP3 RCE/DoS via Crafted Document
CVSS 7.8
Details
Vulnerabilities 14,002
Exploit Likelihood High