| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2020-0688 exists in Microsoft Office, which is prone to a memory corruption vulnerability allowing an attacker to run arbitrary code if unpatched, in the context of the current user, by failing to properly handle objects in memory. Cyber actors continued to exploit this vulnerability in Microsoft Office. The vulnerability is ideal for phasing campaigns, and it enables RCE on vulnerable systems.
References
|
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
CVE-2020-0688 exists in Microsoft Office, which is prone to a memory corruption vulnerability allowing an attacker to run arbitrary code if unpatched, in the context of the current user, by failing to properly handle objects in memory. Cyber actors continued to exploit this vulnerability in Microsoft Office. The vulnerability is ideal for phishing campaigns, and it enables RCE on vulnerable systems.
References
|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system.
References
|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1499.004 | Application or System Exploitation |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system.
References
|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system via drive-by compromise.
References
|
| CVE-2013-3346 | Adobe Reader and Acrobat Memory Corruption Vulnerability | exploitation_technique | T1059.007 | JavaScript |
Comments
This vulnerability is exploited via maliciously-crafted javascript.
References
|
| CVE-2013-0640 | Adobe Reader and Acrobat Memory Corruption Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
This vulnerability is exploited via a maliciously-crafted pdf delivered as an email attachment.
References
|
| CVE-2012-2034 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by a maliciously-crafted .swf via drive-by compromise.
References
|
| CVE-2012-0754 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited via a maliciously-crafted MP4 file. As a result of the exploit, malicious software is installed on the target machine.
References
|
| CVE-2012-0754 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited via a maliciously-crafted MP4 file. As a result of the exploit, malicious software is installed on the target machine.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | secondary_impact | T1562 | Impair Defenses |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | secondary_impact | T1106 | Native API |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | secondary_impact | T1059 | Command and Scripting Interpreter |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | secondary_impact | T1001 | Data Obfuscation |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | secondary_impact | T1557 | Adversary-in-the-Middle |
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
|
| CVE-2025-21480 | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | exploitation_technique | T1055 | Process Injection | |
| CVE-2025-21480 | Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | primary_impact | T1495 | Firmware Corruption |