Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Office

CVE-2010-3333

Microsoft Office Stack-based Buffer Overflow Vulnerability: A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2010-0232

Microsoft Windows Kernel Exception Handler Vulnerability: The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Excel

CVE-2009-3129

Microsoft Excel Featheader Record Memory Corruption Vulnerability: Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2009-1123

Microsoft Windows Improper Input Validation Vulnerability: The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2004-0210

Microsoft Windows Privilege Escalation Vulnerability: A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2002-0367

Microsoft Windows Privilege Escalation Vulnerability: smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2017-8570

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-08-25

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0222

Microsoft Internet Explorer Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-08-25

Additional Notes

Microsoft | Windows

CVE-2014-6352

Microsoft Windows Code Injection Vulnerability: Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-25
Due Date: 2022-08-25

Additional Notes

Microsoft | Internet Explorer

CVE-2019-0752

Microsoft Internet Explorer Type Confusion Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Microsoft | Windows

CVE-2018-8174

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Microsoft | Word

CVE-2014-1761

Microsoft Word Memory Corruption Vulnerability: Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Microsoft | Graphics Component

CVE-2013-3906

Microsoft Graphics Component Memory Corruption Vulnerability: Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Microsoft | Windows

CVE-2021-36934

Microsoft Windows SAM Local Privilege Escalation Vulnerability: If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.

Related CWE: CWE-1220

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-02-24

Additional Notes

Microsoft | SMBv3

CVE-2020-0796

Microsoft SMBv3 Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | Windows

CVE-2017-8464

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability: Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | Win32k

CVE-2017-0263

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | Office

CVE-2017-0262

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | SMBv1

CVE-2017-0145

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | SMBv1

CVE-2017-0144

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates