CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3146
https://notcve.org/view.php?id=CVE-2021-3146
08 Apr 2021 — The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios • https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 58%CPEs: 8EXPL: 0CVE-2010-3190 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2010-3190
31 Aug 2010 — Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a T... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 27%CPEs: 16EXPL: 0CVE-2009-2493
https://notcve.org/view.php?id=CVE-2009-2493
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 42%CPEs: 8EXPL: 0CVE-2009-2495
https://notcve.org/view.php?id=CVE-2009-2495
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." La Active Template Library (ATL) en Microsoft Visu... • http://marc.info/?l=bugtraq&m=126592505426855&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 66%CPEs: 8EXPL: 0CVE-2009-0901
https://notcve.org/view.php?id=CVE-2009-0901
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Unin... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •