CVE-2020-1253

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310...

Remote code execution

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Microsoft Windows Push Notification Service Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems.Push Notification Service is one of the push notification services. An...

Microsoft Windows Media Foundation Information Disclosure Vulnerability (CNVD-2020-26238)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. Media Foundation is one of the multimedia application libraries. An information disclosure...

CVE-2020-0807

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869...

CVE-2020-0762

An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Defender Security Center Elevation of Privilege Vulnerability'. This CVE ID is...

Microsoft Windows Search Indexer elevation of privilege vulnerability (CNVD-2020-16655)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the way memory objects are handled in Microsoft Windows Search Indexer. An attacker could exploit the vulnerability to execute code with elevated...

CVE-2019-1117

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124,...

DirectWrite Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts wi...

Security Update for Microsoft Office (October 2017) (macOS)

The Microsoft Office 2016 application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by a remote code execution vulnerability that exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who...

Microsoft Windows 'Win32k.sys' Local Information Disclosure Vulnerability

Microsoft Windows is the popular operating system. Microsoft Windows Win32k does not properly handle memory objects, allowing an attacker to exploit a vulnerability by submitting a special request that could obtain sensitive information...

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows that stems from the way Windows Search handles memory objects. A remote attacker could exploit this vulnerability to execute arbitrary...

Win32k elevation of privilege vulnerability MS16-135）(CVE-2016-7255)

If the Windows kernel-mode drivers do not properly handle objects in memory, then there will be multiple elevation of Privilege vulnerabilities. Successful exploitation of this vulnerability an attacker can run in kernel mode arbitrary code. An attacker could then install programs; view, change, ...

KLA10806 Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. An improper memory...

KLA10739 Code execution vulnerability in Microsoft VBScript

Improper memory objects handling was found in Microsoft VBScript. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed web content. Technical details To mitigate this vulnerability you can restrict acces...

KLA10675 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Improper memory...

Race condition

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that...