Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-15 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | |||||
| CVE-2007-4814 | 1 Microsoft | 1 Sql Server | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method. | |||||
| CVE-2007-4672 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2018-10-15 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. | |||||
| CVE-2007-4288 | 1 Microsoft | 1 Windows Media Player | 2018-10-15 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au. | |||||
| CVE-2007-4247 | 1 Microsoft | 1 Windows Vista | 2018-10-15 | 4.3 MEDIUM | N/A |
| Windows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file. | |||||
| CVE-2007-3845 | 2 Microsoft, Mozilla | 4 Windows Xp, Firefox, Seamonkey and 1 more | 2018-10-15 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | |||||
| CVE-2007-3895 | 1 Microsoft | 5 Directx, Windows 2000, Windows 2003 Server and 2 more | 2018-10-15 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. | |||||
| CVE-2007-3615 | 2 Microsoft, Sap | 3 All Windows, Internet Communication Manager, Sap Web Application Server | 2018-10-15 | 7.8 HIGH | N/A |
| Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | |||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2018-10-15 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | |||||
| CVE-2018-8396 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-15 | 1.9 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. | |||||
| CVE-2000-0323 | 1 Microsoft | 1 Jet | 2018-10-15 | 7.6 HIGH | N/A |
| The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. | |||||
| CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2018-10-15 | 10.0 HIGH | N/A |
| The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2016-7881 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-0004 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2018-10-12 | 7.8 HIGH | 7.5 HIGH |
| The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | |||||
| CVE-2017-0003 | 1 Microsoft | 2 Sharepoint Enterprise Server, Word | 2018-10-12 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2016-7892 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7880 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7890 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. | |||||
| CVE-2016-7236 | 1 Microsoft | 3 Excel, Excel For Mac, Sharepoint Server | 2018-10-12 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2016-7267 | 1 Microsoft | 1 Excel | 2018-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | |||||
| CVE-2016-7869 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7868 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7867 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7870 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7879 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7878 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7877 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7876 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7875 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7874 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7873 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7872 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7871 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player For Linux, Mac Os X and 5 more | 2018-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-7300 | 1 Microsoft | 1 Auto Updater For Mac | 2018-10-12 | 4.6 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | |||||
| CVE-2016-7298 | 1 Microsoft | 2 Office, Word Viewer | 2018-10-12 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2016-7297 | 1 Microsoft | 1 Edge | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. | |||||
| CVE-2016-7296 | 1 Microsoft | 1 Edge | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. | |||||
| CVE-2016-7291 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290. | |||||
| CVE-2016-7290 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2018-10-12 | 5.8 MEDIUM | 7.1 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291. | |||||
| CVE-2016-7289 | 1 Microsoft | 1 Publisher | 2018-10-12 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2016-7288 | 1 Microsoft | 1 Edge | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. | |||||
| CVE-2016-7287 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | |||||
| CVE-2016-7286 | 1 Microsoft | 1 Edge | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. | |||||
| CVE-2016-7284 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2016-7283 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2016-7282 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
| CVE-2016-7281 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 2.6 LOW | 5.3 MEDIUM |
| The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." | |||||
| CVE-2016-7280 | 1 Microsoft | 1 Edge | 2018-10-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206. | |||||
| CVE-2016-7279 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | |||||
| CVE-2016-7278 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability." | |||||