VYPR

Vendor CVEs

Microsoft

All CVEs

14,197 total · sorted by risk
  • CVE-2017-8487HigJun 15, 2017
    risk 0.59cvss 7.8epss 0.63

    Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

  • CVE-2017-8528HigJun 15, 2017
    risk 0.59cvss 8.8epss 0.20

    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability…

  • CVE-2017-8527HigJun 15, 2017
    risk 0.59cvss 8.8epss 0.19

    Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka…

  • CVE-2017-8512HigJun 15, 2017
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and…

  • CVE-2017-8510HigJun 15, 2017
    risk 0.59cvss 8.8epss 0.22

    A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and…

  • CVE-2017-8509HigJun 15, 2017
    risk 0.59cvss 8.8epss 0.18

    A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and…

  • CVE-2017-0021CriMar 17, 2017
    risk 0.59cvss 9.0epss 0.02

    Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in…

  • CVE-2016-7283HigDec 20, 2016
    risk 0.59cvss 8.8epss 0.18

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2016-7273HigDec 20, 2016
    risk 0.59cvss 8.8epss 0.19

    The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

  • CVE-2016-7217HigNov 10, 2016
    risk 0.59cvss 8.8epss 0.22

    Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability."

  • CVE-2016-7205HigNov 10, 2016
    risk 0.59cvss 8.8epss 0.22

    Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows…

  • CVE-2016-3368HigSep 14, 2016
    risk 0.59cvss 8.8epss 0.18

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote authenticated users to execute arbitrary code by leveraging a domain account to make a…

  • CVE-2016-3367HigSep 14, 2016
    risk 0.59cvss 8.8epss 0.18

    StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption…

  • CVE-2016-3352HigSep 14, 2016
    risk 0.59cvss 8.8epss 0.21

    Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information…

  • CVE-2016-3297HigSep 14, 2016
    risk 0.59cvss 8.8epss 0.23

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-3248HigJul 13, 2016
    risk 0.59cvss 8.8epss 0.23

    The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted…

  • CVE-2016-3204HigJul 13, 2016
    risk 0.59cvss 8.8epss 0.19

    The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine…

  • CVE-2016-3210HigJun 16, 2016
    risk 0.59cvss 8.8epss 0.22

    The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2016-0200HigJun 16, 2016
    risk 0.59cvss 8.8epss 0.21

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and…

  • CVE-2016-0195HigMay 11, 2016
    risk 0.59cvss 8.8epss 0.18

    The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka…

  • CVE-2016-0188HigMay 11, 2016
    risk 0.59cvss 8.8epss 0.18

    The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka "Internet Explorer Security Feature Bypass."

  • CVE-2016-0184HigMay 11, 2016
    risk 0.59cvss 8.8epss 0.19

    Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted…

  • CVE-2016-0178HigMay 11, 2016
    risk 0.59cvss 8.8epss 0.17

    The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code…

  • CVE-2016-0101HigMar 9, 2016
    risk 0.59cvss 8.8epss 0.20

    Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution…

  • CVE-2016-0098HigMar 9, 2016
    risk 0.59cvss 8.8epss 0.20

    Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."

  • CVE-2016-0069HigFeb 18, 2016
    risk 0.59cvss 8.8epss 0.19

    Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.

  • CVE-2016-0084HigFeb 10, 2016
    risk 0.59cvss 8.8epss 0.18

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

  • CVE-2016-0072HigFeb 10, 2016
    risk 0.59cvss 8.8epss 0.21

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…

  • CVE-2016-0062HigFeb 10, 2016
    risk 0.59cvss 8.8epss 0.22

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-0061HigFeb 10, 2016
    risk 0.59cvss 8.8epss 0.22

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2016-0060HigFeb 10, 2016
    risk 0.59cvss 8.8epss 0.28

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2016-0024HigJan 13, 2016
    risk 0.59cvss 8.8epss 0.18

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."

  • CVE-2013-0006HigJan 9, 2013
    risk 0.59cvss 8.8epss 0.28

    Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

  • CVE-2012-4775HigNov 14, 2012
    risk 0.59cvss 8.8epss 0.22

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

  • CVE-2012-0175HigJul 10, 2012
    risk 0.59cvss 8.8epss 0.26

    The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command…

  • CVE-2011-3406HigDec 14, 2011
    risk 0.59cvss 8.8epss 0.23

    Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold…

  • CVE-2011-0663HigApr 13, 2011
    risk 0.59cvss 8.8epss 0.26

    Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."

  • CVE-2009-1544HigAug 12, 2009
    risk 0.59cvss 8.8epss 0.21

    Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold,…

  • CVE-2024-43455HigSep 10, 2024
    risk 0.58cvss 8.8epss 0.02

    Windows Remote Desktop Licensing Service Spoofing Vulnerability

  • CVE-2024-30103HigJun 11, 2024
    risk 0.58cvss 8.8epss 0.03

    Microsoft Outlook Remote Code Execution Vulnerability

  • CVE-2023-35641HigDec 12, 2023
    risk 0.58cvss 8.8epss 0.07

    Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

  • CVE-2023-35630HigDec 12, 2023
    risk 0.58cvss 8.8epss 0.06

    Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

  • CVE-2023-36400HigNov 14, 2023
    risk 0.58cvss 8.8epss 0.04

    Windows HMAC Key Derivation Elevation of Privilege Vulnerability

  • CVE-2023-36052HigNov 14, 2023
    risk 0.58cvss 8.6epss 0.22

    Azure CLI REST Command Information Disclosure Vulnerability

  • CVE-2023-36039HigNov 14, 2023
    risk 0.58cvss 8.0epss 0.73

    Microsoft Exchange Server Spoofing Vulnerability

  • CVE-2023-38148HigSep 12, 2023
    risk 0.58cvss 8.8epss 0.08

    Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

  • CVE-2023-36756HigSep 12, 2023
    risk 0.58cvss 8.0epss 0.75

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2023-36745HigSep 12, 2023
    risk 0.58cvss 8.0epss 0.81

    Microsoft Exchange Server Remote Code Execution Vulnerability

  • CVE-2023-33160HigJul 11, 2023
    risk 0.58cvss 8.8epss 0.05

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2023-28229HigKEVApr 11, 2023
    risk 0.58cvss 7.0epss 0.02

    Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

Page 15 of 284