Articles tagged "high"
CVE-2007-5659: The PDF That Could Own Your Machine — Adobe's JavaScript Buffer Overflow Problem
Before endpoint detection was mature and sandboxing was standard, PDF files were one of the most reliable vectors for mass exploitation.
CVE-2008-2992: When Adobe Acrobat's JavaScript Engine Turned PDFs Into Remote Code Execution Weapons
Let's cut through the surface-level description: this isn't just a "buffer overflow in a PDF reader.
CVE-2009-0557: The Excel Object Record Corruption That Turned Spreadsheets Into Attack Vectors
In 2009, opening a spreadsheet from a colleague could hand an attacker full control of your machine—and most people had no idea the file format they trusted every day was a loaded weapon.
CVE-2009-1862: When Your PDF Reader Became a Drive-By Download Target
In the summer of 2009, attackers found a way to turn two of the most trusted file formats on the internet—PDFs and SWF files—into silent malware delivery machines.
CVE-2009-3129: The Excel FEATHEADER Vulnerability That Turned Spreadsheets Into Weapons
To understand this vulnerability, you need to know what a `FEATHEADER` record is. Excel's binary file format (`.
CVE-2009-3953: When a 3D Model Becomes a Root Shell
Let's talk about Universal 3D (U3D) for a moment, because most people don't realize it's even *in* a PDF.
CVE-2010-0188: The PDF That Owned Your Enterprise — A Definitive Analysis
In 2010, if you wanted to silently compromise a target's machine, you didn't need a zero-day in the OS kernel or a sophisticated supply chain attack — you sent them a PDF.
CVE-2010-2572: When a 15-Year-Old File Format Becomes a Modern Weapon
Here's the thing about legacy format parsers: they're almost always written once and then forgotten. Nobody refactors the PowerPoint 95 parser when they ship Office 2003.
CVE-2010-3962: The IE Use-After-Free That Kicked Off the Modern Browser Exploitation Era
Here's the thing — use-after-free vulnerabilities have a reputation for being "complex." CVE-2010-3962 is a perfect case study in why that reputation is misleading.
CVE-2011-0611: The Flash Type Confusion That Rewrote Spear-Phishing Forever
A PDF lands in your inbox. You open it. You didn't click anything sketchy, didn't enable macros, didn't ignore a warning. You just *opened a file*.
CVE-2011-1823 (Gingerbreak): How Android's Volume Daemon Handed Root to Anyone Who Asked Nicely
`vold` — the Volume Daemon — is an Android system process that runs as root. Its job is managing storage volumes: SD cards, USB drives, partitioning, mounting.
Monitor for suspicious debugging activity
The fact that this vulnerability received a CVSS score of 7.8 (HIGH) is appropriate, though by today's standards, any reliable local privilege escalation to SYSTEM would likely score higher.
CVE-2006-2492: The Word Document That Changed Everything
In May 2006, a single malicious Word document exposed a vulnerability so dangerous that Microsoft issued an emergency patch outside their normal update cycle—something they rarely did back then.
CVE-2007-0671: The Excel Zero-Day That Rewrote the Rules of Office Security
When an "unspecified vulnerability" starts showing up in targeted zero-day attacks with a file named "Exploit-MSExcel.h," you know Microsoft's having a very bad day.