CVE Daily – IDL (High+Critical)

[High] CVE-2026-20832 – Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of P...

Tue, 13 Jan 2026 18:16:11 +0000

High CVE-2026-20832

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-415

View on NVD

[High] CVE-2023-4362 – Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowe...

Tue, 15 Aug 2023 18:15:13 +0000

High CVE-2023-4362

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 8.8 · CWE: CWE-787

View on NVD

[Critical] CVE-2014-1510 – The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x befo...

Wed, 19 Mar 2014 10:55:06 +0000

Critical CVE-2014-1510

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.

CVSS: 9.8 · CWE: CWE-269

View on NVD

[Critical] CVE-2009-0568 – The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and S...

Wed, 10 Jun 2009 18:00:00 +0000

Critical CVE-2009-0568

The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array…

CVSS: 10.0 · CWE: CWE-264

View on NVD