Filtered by vendor Microsoft
Subscribe
Total
22985 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3037 | 1 Microsoft | 1 Windows Media Player | 2025-04-09 | 4.0 MEDIUM | N/A |
| Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." | |||||
| CVE-2007-0946 | 1 Microsoft | 4 Internet Explorer, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. | |||||
| CVE-2009-0228 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability." | |||||
| CVE-2007-1727 | 4 Hp, Linux, Microsoft and 1 more | 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | |||||
| CVE-2009-0133 | 1 Microsoft | 1 Html Help Workshop | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564. | |||||
| CVE-2009-0945 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | |||||
| CVE-2007-3030 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-09 | 7.6 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | |||||
| CVE-2008-3851 | 2 Microsoft, Pluck | 2 Windows, Pluck | 2025-04-09 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194. | |||||
| CVE-2006-1311 | 1 Microsoft | 5 Learning Essentials, Office, Windows 2000 and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. | |||||
| CVE-2007-1499 | 1 Microsoft | 3 Ie, Windows Vista, Windows Xp | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability." | |||||
| CVE-2006-6601 | 2 Microsoft, Windows | 2 Windows Xp, Media Player | 2025-04-09 | 4.3 MEDIUM | N/A |
| Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | |||||
| CVE-2006-5544 | 1 Microsoft | 1 Ie | 2025-04-09 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. | |||||
| CVE-2009-2498 | 1 Microsoft | 8 Media Foundation Sdk, Windows 2000, Windows Media Format Runtime and 5 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." | |||||
| CVE-2008-4030 | 1 Microsoft | 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. | |||||
| CVE-2007-2884 | 1 Microsoft | 1 Visual Basic | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. | |||||
| CVE-2008-0103 | 1 Microsoft | 1 Office | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." | |||||
| CVE-2007-3033 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. | |||||
| CVE-2008-2254 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." | |||||
| CVE-2008-5529 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2025-04-09 | 1.9 LOW | N/A |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||||