21761 matches found
Windows Imaging Component Information Disclosure Vulnerability
An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker...
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation CNG Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit this vulnerability, an attacker would...
Microsoft Graphics Components Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafte...
Microsoft Office Information Disclosure Vulnerability
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special...
Windows Subsystem for Linux Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execute code with elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim...
GDI+ Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...
.NET Framework Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the...
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first hav...
Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project. To exploit this vulnerability, an attacker would first have...
GDI+ Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or dele...
Remote Desktop Client Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs;...
Microsoft Office Excel Security Feature Bypass
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The security feature bypass by itself does not allow arbitrary code execution. To successfully exploit the vulnerability, an attacker would have to embed a control in ...
HTTP/2 Server Denial of Service Vulnerability
A denial of service vulnerability exists in the HTTP/2 protocol stack HTTP.sys when HTTP.sys improperly parses specially crafted HTTP/2 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. ...
Windows VBScript Engine Remote Code Execution Vulnerability
This information is being revised to indicate that this CVE CVE-2019-1183 is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required...
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Windows OLE Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...
Internet Explorer Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, a...
Windows VBScript Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...
Internet Explorer Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges the permissions of the curre...
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...
Windows SMB Denial of Service Vulnerability
A denial of service vulnerability exists in the Microsoft Server Block Message SMB when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to se...
Azure IoT SDK Spoofing Vulnerability
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process. To exploit this vulnerability, an...
.NET Framework Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly...
Windows DNSAPI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System DNS DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the...
DirectX Graphics Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization ASLR bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...
NetBIOS Remote Code Execution Vulnerability
A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacte...
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
Windows NetBIOS Denial of Service Vulnerability
A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets. An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive. A remote unauthenticated attacker could exploit this vulnerability by...
Microsoft Edge Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing script to run with elevated privileges. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the...
Microsoft PowerPoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Windows COM Session Elevation of Privilege Vulnerability
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session. To exploit the...
Microsoft Edge Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy SOP restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploite...
Microsoft Edge Elevation of Privilege Vulnerability
A vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone. To...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based...
Windows COM Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have t...
Microsoft Office Memory Corruption Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...
Windows PDF Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Secure Boot Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, ...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploit...
Windows DLL Loading Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library DLL files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete...
Windows TCP/IP Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network...