Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4323 | 1 Microsoft | 1 Windows Xp | 2024-02-04 | 4.3 MEDIUM | N/A |
| Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | |||||
| CVE-2008-5542 | 2 Microsoft, Sunbeltsoftware | 2 Internet Explorer, Vipre | 2024-02-04 | 9.3 HIGH | N/A |
| Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2009-0079 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-02-04 | 6.9 MEDIUM | N/A |
| The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." | |||||
| CVE-2008-4927 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4312 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe. | |||||
| CVE-2009-3951 | 2 Adobe, Microsoft | 3 Adobe Air, Flash Player, Windows | 2024-02-04 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 on Windows allows remote attackers to obtain the names of local files via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4820. | |||||
| CVE-2009-0221 | 1 Microsoft | 1 Office Powerpoint | 2024-02-04 | 9.3 HIGH | N/A |
| Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability." | |||||
| CVE-2009-3132 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability." | |||||
| CVE-2008-4820 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2024-02-04 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and earlier on Windows allows attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2008-1545 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. | |||||
| CVE-2009-3675 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 6.8 MEDIUM | N/A |
| LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." | |||||
| CVE-2008-5554 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 4.3 MEDIUM | N/A |
| The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario." | |||||
| CVE-2008-3860 | 2 Ibm, Microsoft | 4 Aix, I5os, Lotus Quickr and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. NOTE: the vulnerability in the WYSIWYG editors may exist because of an incomplete fix for CVE-2008-2163. | |||||
| CVE-2008-0312 | 2 Microsoft, Symantec | 5 Windows, Norton 360, Norton Antivirus and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5526 | 2 Drweb, Microsoft | 2 Anti-virus, Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2009-2501 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2024-02-04 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." | |||||
| CVE-2009-0202 | 1 Microsoft | 1 Office Powerpoint | 2024-02-04 | 9.3 HIGH | N/A |
| Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | |||||
| CVE-2009-3676 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 7.1 HIGH | N/A |
| The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | |||||
| CVE-2008-4110 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 7.6 HIGH | N/A |
| Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. | |||||
| CVE-2007-6724 | 2 Microsoft, Vidalia-project | 2 Windows, Vidalia Bundle | 2024-02-04 | 5.0 MEDIUM | N/A |
| Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||