CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2013-3205
Microsoft Internet Explorer <9 - Code Injection
CVE-2013-3204
Microsoft Internet Explorer <11 - Code Injection
CVE-2013-3203
Microsoft Internet Explorer 9-10 - Code Injection
CVE-2013-3202
Microsoft Internet Explorer 10 - Memory Corruption
CVE-2013-3201
Microsoft Internet Explorer 9-10 - Memory Corruption
CVE-2013-3158
Microsoft Excel <2007 - Code Injection
CVE-2013-3157
Microsoft Access 2007 SP3, 2010 SP1-SP2, and 2013 - Remote Code Execution via Crafted Access File
CVE-2013-3156
Microsoft Office - Memory Corruption
CVE-2013-3155
Microsoft Access <2013 - Code Injection
CVE-2013-1344
Windows win32k.sys - Local Privilege Escalation via Multiple Fetch
CVE-2013-1343
Windows win32k.sys - Local Privilege Escalation via Crafted Application
CVE-2013-1342 HIGH
Windows win32k.sys - Local Privilege Escalation via Crafted Application
CVSS 7.8
CVE-2013-1341
Windows win32k.sys - Local Privilege Escalation via Multiple Fetch
CVE-2013-1315
Microsoft Office < - Memory Corruption
CVE-2013-4298
ImageMagick < 6.7.8-8 - Denial of Service via Crafted GIF Comment
CVE-2013-4243
libtiff < 4.0.3 - Heap-Based Buffer Overflow via GIF Image Height and Width Values
CVE-2013-3934
Kingsoft Writer 2012 8.1.0.3030 - Stack-based Buffer Overflow via Long Font Name in WPS File
CVE-2013-3657
VMware ESX and ESXi 4.0-5.0 - Buffer Overflow
CVE-2013-5715
Gretech GOM Media Player < 2.2.53.5169 - Buffer Overflow
CVE-2013-5641
Asterisk Open Source <11.5.1 - DoS
CVE-2013-2794
Triangle MicroWorks SCADA Data Gateway <3.00.0616 - DoS
CVE-2013-2793
Triangle MicroWorks SCADA Data Gateway <3.00.0616 - DoS
CVE-2013-2791
MatrikonOPC SCADA DNP3 OPC Server 1.2.0 - DoS
CVE-2013-3031
IBM solidDB <6.0.1070, 6.3.0.56, 6.5.0.12, 7.0.0.4 - DoS
CVE-2013-3607
Supermicro H8SCM-F and others - Remote Code Execution via Stack-Based Buffer Overflow in Web Interface
Details
Vulnerabilities 14,011
Exploit Likelihood High