VYPR

Vendor CVEs

Microsoft

All CVEs

14,214 total · sorted by risk
  • CVE-2011-1261Jun 16, 2011
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."

  • CVE-2011-1258Jun 16, 2011
    risk 0.01cvss epss 0.15

    Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information…

  • CVE-2011-1256Jun 16, 2011
    risk 0.01cvss epss 0.19

    Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."

  • CVE-2011-1254Jun 16, 2011
    risk 0.01cvss epss 0.18

    Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability."

  • CVE-2011-1251Jun 16, 2011
    risk 0.01cvss epss 0.18

    Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Manipulation Memory Corruption Vulnerability."

  • CVE-2011-0664Jun 16, 2011
    risk 0.01cvss epss 0.16

    Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser…

  • CVE-2011-1270May 13, 2011
    risk 0.01cvss epss 0.16

    Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."

  • CVE-2011-1269May 13, 2011
    risk 0.01cvss epss 0.15

    Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper…

  • CVE-2011-1845May 3, 2011
    risk 0.01cvss epss 0.12

    Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or…

  • CVE-2011-1844May 3, 2011
    risk 0.01cvss epss 0.12

    Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.

  • CVE-2011-1713Apr 15, 2011
    risk 0.01cvss epss 0.11

    Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. NOTE: this might overlap CVE-2011-1202.

  • CVE-2011-1245Apr 13, 2011
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."

  • CVE-2011-1244Apr 13, 2011
    risk 0.01cvss epss 0.15

    Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."

  • CVE-2011-0660Apr 13, 2011
    risk 0.01cvss epss 0.17

    The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response,…

  • CVE-2011-0107Apr 13, 2011
    risk 0.01cvss epss 0.11

    Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component…

  • CVE-2010-3974Apr 13, 2011
    risk 0.01cvss epss 0.19

    fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to…

  • CVE-2011-1652Apr 6, 2011
    risk 0.01cvss epss 0.12

    The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote…

  • CVE-2011-0032Mar 9, 2011
    risk 0.01cvss epss 0.10

    Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current…

  • CVE-2011-1068Feb 23, 2011
    risk 0.01cvss epss 0.10

    Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obtain potentially…

  • CVE-2011-0038Feb 10, 2011
    risk 0.01cvss epss 0.11

    Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse IEShims.dll in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure…

  • CVE-2011-0031Feb 9, 2011
    risk 0.01cvss epss 0.17

    The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via…

  • CVE-2010-3966Dec 16, 2010
    risk 0.01cvss epss 0.13

    Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS…

  • CVE-2010-3965Dec 16, 2010
    risk 0.01cvss epss 0.12

    Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working…

  • CVE-2010-3959Dec 16, 2010
    risk 0.01cvss epss 0.14

    The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP…

  • CVE-2010-3956Dec 16, 2010
    risk 0.01cvss epss 0.08

    The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted…

  • CVE-2010-3937Dec 16, 2010
    risk 0.01cvss epss 0.19

    Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

  • CVE-2010-3348Dec 16, 2010
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different…

  • CVE-2010-3342Dec 16, 2010
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different…

  • CVE-2010-3337Nov 10, 2010
    risk 0.01cvss epss 0.11

    Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.

  • CVE-2010-2734Nov 10, 2010
    risk 0.01cvss epss 0.14

    Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile…

  • CVE-2010-2733Nov 10, 2010
    risk 0.01cvss epss 0.14

    Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP…

  • CVE-2010-2732Nov 10, 2010
    risk 0.01cvss epss 0.14

    Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG…

  • CVE-2010-3327Oct 13, 2010
    risk 0.01cvss epss 0.15

    The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element…

  • CVE-2010-3225Oct 13, 2010
    risk 0.01cvss epss 0.17

    Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."

  • CVE-2010-3223Oct 13, 2010
    risk 0.01cvss epss 0.13

    The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these…

  • CVE-2010-0808Oct 13, 2010
    risk 0.01cvss epss 0.10

    Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure…

  • CVE-2010-3200Sep 20, 2010
    risk 0.01cvss epss 0.11

    MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.

  • CVE-2010-2728Sep 15, 2010
    risk 0.01cvss epss 0.17

    Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."

  • CVE-2010-2567Sep 15, 2010
    risk 0.01cvss epss 0.07

    The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC…

  • CVE-2010-2563Sep 15, 2010
    risk 0.01cvss epss 0.19

    The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an…

  • CVE-2010-0818Sep 15, 2010
    risk 0.01cvss epss 0.14

    The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code…

  • CVE-2010-2566Aug 11, 2010
    risk 0.01cvss epss 0.15

    The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL…

  • CVE-2010-2562Aug 11, 2010
    risk 0.01cvss epss 0.18

    Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

  • CVE-2010-1258Aug 11, 2010
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain…

  • CVE-2010-0019Aug 11, 2010
    risk 0.01cvss epss 0.14

    Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka…

  • CVE-2010-2442Jun 24, 2010
    risk 0.01cvss epss 0.12

    Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."

  • CVE-2010-2119Jun 1, 2010
    risk 0.01cvss epss 0.09

    Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs.

  • CVE-2010-2118Jun 1, 2010
    risk 0.01cvss epss 0.10

    Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

  • CVE-2010-2088May 27, 2010
    risk 0.01cvss epss 0.09

    ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

  • CVE-2010-2085May 27, 2010
    risk 0.01cvss epss 0.09

    The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.

Page 244 of 285