Win32K
by Microsoft
CVEs (78)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3661 | 0.03 | — | 0.04 | May 24, 2013 | The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is… | |||
| CVE-2023-41772 | 0.02 | — | 0.12 | Oct 10, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2020-1510 | 0.01 | — | 0.05 | Aug 17, 2020 | An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an… | |||
| CVE-2011-1873 | 0.01 | — | 0.19 | Jun 16, 2011 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType… | |||
| CVE-2025-55224 | 0.00 | — | 0.00 | Sep 9, 2025 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | |||
| CVE-2025-50168 | 0.00 | — | 0.01 | Aug 12, 2025 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||
| CVE-2024-38246 | 0.00 | — | 0.01 | Sep 10, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2024-30091 | 0.00 | — | 0.04 | Jun 11, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2024-30087 | 0.00 | — | 0.10 | Jun 11, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2024-26241 | 0.00 | — | 0.01 | Apr 9, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2024-21346 | 0.00 | — | 0.04 | Feb 13, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2024-20683 | 0.00 | — | 0.04 | Jan 9, 2024 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-36743 | 0.00 | — | 0.04 | Oct 10, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-36776 | 0.00 | — | 0.02 | Oct 10, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-35337 | 0.00 | — | 0.00 | Jul 11, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-21756 | 0.00 | — | 0.00 | Jul 11, 2023 | Windows Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-24902 | 0.00 | — | 0.05 | May 9, 2023 | Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-28274 | 0.00 | — | 0.07 | Apr 11, 2023 | Windows Win32k Elevation of Privilege Vulnerability | |||
| CVE-2023-21680 | 0.00 | — | 0.00 | Jan 10, 2023 | Windows Win32k Elevation of Privilege Vulnerability | |||
| CVE-2022-41092 | 0.00 | — | 0.01 | Nov 9, 2022 | Windows Win32k Elevation of Privilege Vulnerability |
- CVE-2013-3661May 24, 2013risk 0.03cvss —epss 0.04
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is…
- CVE-2023-41772Oct 10, 2023risk 0.02cvss —epss 0.12
Win32k Elevation of Privilege Vulnerability
- CVE-2020-1510Aug 17, 2020risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an…
- CVE-2011-1873Jun 16, 2011risk 0.01cvss —epss 0.19
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType…
- CVE-2025-55224Sep 9, 2025risk 0.00cvss —epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- CVE-2025-50168Aug 12, 2025risk 0.00cvss —epss 0.01
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
- CVE-2024-38246Sep 10, 2024risk 0.00cvss —epss 0.01
Win32k Elevation of Privilege Vulnerability
- CVE-2024-30091Jun 11, 2024risk 0.00cvss —epss 0.04
Win32k Elevation of Privilege Vulnerability
- CVE-2024-30087Jun 11, 2024risk 0.00cvss —epss 0.10
Win32k Elevation of Privilege Vulnerability
- CVE-2024-26241Apr 9, 2024risk 0.00cvss —epss 0.01
Win32k Elevation of Privilege Vulnerability
- CVE-2024-21346Feb 13, 2024risk 0.00cvss —epss 0.04
Win32k Elevation of Privilege Vulnerability
- CVE-2024-20683Jan 9, 2024risk 0.00cvss —epss 0.04
Win32k Elevation of Privilege Vulnerability
- CVE-2023-36743Oct 10, 2023risk 0.00cvss —epss 0.04
Win32k Elevation of Privilege Vulnerability
- CVE-2023-36776Oct 10, 2023risk 0.00cvss —epss 0.02
Win32k Elevation of Privilege Vulnerability
- CVE-2023-35337Jul 11, 2023risk 0.00cvss —epss 0.00
Win32k Elevation of Privilege Vulnerability
- CVE-2023-21756Jul 11, 2023risk 0.00cvss —epss 0.00
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2023-24902May 9, 2023risk 0.00cvss —epss 0.05
Win32k Elevation of Privilege Vulnerability
- CVE-2023-28274Apr 11, 2023risk 0.00cvss —epss 0.07
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2023-21680Jan 10, 2023risk 0.00cvss —epss 0.00
Windows Win32k Elevation of Privilege Vulnerability
- CVE-2022-41092Nov 9, 2022risk 0.00cvss —epss 0.01
Windows Win32k Elevation of Privilege Vulnerability
Page 2 of 4