CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43590 – Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-43590
08 Oct 2024 — Visual C++ Redistributable Installer Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43590 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3146
https://notcve.org/view.php?id=CVE-2021-3146
08 Apr 2021 — The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges. El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios • https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 58%CPEs: 8EXPL: 0CVE-2010-3190 – Apple Security Advisory 2015-09-16-3
https://notcve.org/view.php?id=CVE-2010-3190
31 Aug 2010 — Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a T... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 27%CPEs: 16EXPL: 0CVE-2009-2493
https://notcve.org/view.php?id=CVE-2009-2493
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 42%CPEs: 8EXPL: 0CVE-2009-2495
https://notcve.org/view.php?id=CVE-2009-2495
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." La Active Template Library (ATL) en Microsoft Visu... • http://marc.info/?l=bugtraq&m=126592505426855&w=2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 66%CPEs: 8EXPL: 0CVE-2009-0901
https://notcve.org/view.php?id=CVE-2009-0901
29 Jul 2009 — The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Unin... • http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2007-0842
https://notcve.org/view.php?id=CVE-2007-0842
13 Feb 2007 — The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design l... • http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspx • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 75%CPEs: 43EXPL: 6CVE-2004-0200 – Microsoft Windows - JPEG Processing Buffer Overrun (MS04-028)
https://notcve.org/view.php?id=CVE-2004-0200
17 Sep 2004 — Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. Desbordamiento de búfer en el motor de proceso de JPEG (JPG) en GDIPlus.dll, usado en varios productos de Microsoft, permite a atacantes remotos ejecutar código de su elección mediante un campo de longitud ... • https://www.exploit-db.com/exploits/474 •