CVSS: 6.8EPSS: 15%CPEs: 7EXPL: 0CVE-2014-3802 – Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-3802
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes de utilizarla para calcular una dirección de llamada dinámica, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo PDB manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDB files. The issue lies in a failure to sanitize a value which is then used in the calculation of an address for a dynamic call. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://www.securityfocus.com/bid/67398 http://zerodayinitiative.com/advisories/ZDI-14-129 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3155
https://notcve.org/view.php?id=CVE-2013-3155
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbritrario o provocar una denegación de servicio (corrupción de memoria) a través de un fichero Access manipulado. Aka "Access Memory Corruption Vulnerability", una vulnerabilidad diferente de CVE-2013-3157. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3157
https://notcve.org/view.php?id=CVE-2013-3157
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155. Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de un fichero Access manipulado, también conocido como "Vulnerabilidad de corrupción de memoria Access", una vulnerabilidad diferente a CVE-2013-3155. • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18664 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 86%CPEs: 7EXPL: 0CVE-2013-3156
https://notcve.org/view.php?id=CVE-2013-3156
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability." Microsoft Access 2007 SP3, 2010 SP1 y SP2, y 2013 en Microsoft Office permite a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de un archivo Access manipulado, tambien conocida como "Vulnerabilidad de Corrupción de Memoria en Formato de Archivo Access". • http://www.us-cert.gov/ncas/alerts/TA13-253A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-074 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0146
https://notcve.org/view.php?id=CVE-2012-0146
Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." Vulnerabilidad de redirección abierta en Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 permite a atacantes remotos redireccionar usuarios a sitios Web de su elección y conducir ataques de Phising a través de URL manipuladas, también conocida como "UAG Blind HTTP Redirect Vulnerability." • http://osvdb.org/81131 http://secunia.com/advisories/48787 http://www.securityfocus.com/bid/52903 http://www.securitytracker.com/id?1026909 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026 https://exchange.xforce.ibmcloud.com/vulnerabilities/74367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15476 • CWE-20: Improper Input Validation •