418 matches found
CVE-2016-0128
Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.
CVE-2012-0002
CVE-2012-0002 is a Remote Desktop Protocol memory-processing vulnerability in affected Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1). The flaw permits remote code execution by sending specially crafted RDP packets tha...
CVE-2017-0055
CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...
CVE-2017-0214
CVE-2017-0213 is a Windows Privilege Escalation flaw in the COM Aggregate Marshaler. Reports confirm it enables local elevation of privilege when a specially crafted app is run, affecting Windows client and server SKUs listed in the CVE description. Several connected sources document exploitation...
CVE-2016-0143
CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...
CVE-2017-8552
Technical details for CVE-2017-8552 are not publicly provided in the connected documents. No concrete product/version/impact details are present beyond the high-level description. Monitor for updates.
CVE-2016-3308
Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.
CVE-2017-0025
Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.
CVE-2017-11835
CVE-2017-11835 affects the Microsoft Windows Embedded OpenType (EOT) font engine. The vulnerability exists in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, where specially crafted embedded fonts parsed by the EOT font engine can allow a local attacker who logs on and opens a document to read...
CVE-2017-0047
Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.
CVE-2017-8563
CVE-2017-8563 is an elevation-of-privilege vulnerability in Windows where Kerberos can fall back to NTLM as the default authentication protocol. The issue is exposed via LDAP/NTLM negotiation and can enable domain‑level credential abuse if NTLM relay occurs. Public documentation notes that follow...
CVE-2012-0152
CVE-2012-0152 is a denial-of-service vulnerability in the RDP/Terminal Server component of Windows: affected OSes include Windows 7 and Windows Server 2008 R2 (and SP1). It can be triggered by a sequence of crafted RDP packets, causing an application hang. The issue is addressed by MS12-020, whic...
CVE-2016-3311
CVE-2016-3311 is a Windows kernel-mode driver elevation of privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, Server 2012, Windows RT 8.1, and Windows 10 variants). The issue arises in Win32k kernel components where a crafted applicatio...
CVE-2016-3310
CVE-2016-3310 is a Win32k Elevation of Privilege vulnerability affecting multiple Windows versions. The issue arises in kernel‑mode drivers where improper handling of memory objects enables a local user to execute code with SYSTEM privileges via a crafted application. This is a local, non‑authent...
CVE-2013-3175
CVE-2013-3175 is a Windows elevation-of-privilege issue in the handling of asynchronous RPC requests. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. Root cause...
CVE-2017-8582
CVE-2017-8582 affects the HTTP.sys server component in multiple Windows editions. The vulnerability arises from the component’s improper handling of in-memory objects, enabling a remote, unauthenticated attacker to obtain information and potentially facilitate further compromise. The impact is an...
CVE-2017-0174
CVE-2017-0174 is a Windows NetBIOS Denial of Service vulnerability. Exploitation involves sending malformed NetBIOS packets to affected Windows versions (Windows 7/8.1/10, Windows Server 2008-2016 and related). The underlying cause is improper handling within the Windows NetBIOS/network stack, al...
CVE-2010-0270
The CVE-2010-0270 entry describes a remote code execution/memory corruption vulnerability in the SMB client of Windows 7 and Windows Server 2008 R2. The SMB client fails to properly validate fields in SMB responses (SMB transaction responses), for both SMBv1 and SMBv2, allowing remote SMB servers...
CVE-2017-0272
CVE-2017-0272 affects the Microsoft Windows SMBv1 server on Windows clients/servers (Windows 7/8.1, Windows Server 2008 SP2/R2 SP1, 2012, 2016, 10 versions etc.). Root cause: the SMBv1 server mishandles certain requests, enabling remote code execution by a remote attacker. Impact is high (remote ...
CVE-2016-0051
CVE-2016-0051 is a local privilege-escalation vulnerability in the Windows WebDAV client. The issue stems from the WebDAV client’s handling of crafted input, allowing a local attacker to gain SYSTEM-level privileges on affected Vista/7/8.1/2012/RT/10 variants with the WebDAV component (WebDAV cli...
CVE-2012-1851
CVE-2012-1851 is a format string vulnerability in the Windows Print Spooler service that allows remote code execution. Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. Root cause: Print Spooler mishandles crafted response...
CVE-2012-0159
CVE-2012-0159 is a kernel-level remote code execution vulnerability in Microsoft Windows related to TrueType font parsing. The root cause is a sign extension error in the kernel’s handling of TrueType compound glyphs within win32k.sys, which can be triggered by a crafted TTF file. Affected produc...
CVE-2010-0476
CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...
CVE-2012-1527
CVE-2012-1527 corresponds to Windows Shell Briefcase Integer Underflow. The vulnerability arises from an integer underflow in the Briefcase feature of Windows Shell, enabling local privilege escalation for affected Windows editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Wind...
CVE-2013-0013
The CVE-2013-0013 issue affects the Windows SSL/TLS stack: multiple Windows versions (Vista SP2, Server 2008 SP2/R2 and SP1, Windows 7, 8, Server 2012, Windows RT) have a flaw in the SSL provider that mishandles encrypted packets, enabling a man-in-the-middle to downgrade SSLv2 and intercept hand...
CVE-2013-3868
CVE-2013-3868 affects Microsoft Active Directory Lightweight Directory Service (AD LDS) and Active Directory Services across Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, and Server 2012. The vulnerability allows remote attackers to trigger a denial of service (LDAP...
CVE-2012-0217
CVE-2012-0217 affects the x86-64 kernel sysret path across multiple platforms (Xen 4.1.2 and earlier, XenServer 6.0.2 and earlier, Solaris 11 and earlier, illumos before r13724, FreeBSD before 9.0-RELEASE-p3, NetBSD 6.0 Beta and earlier, Windows Server 2008 R2/R2 SP1/Windows 7 SP1, and others). T...
CVE-2017-0170
CVE-2017-0170 is an information-disclosure flaw in Windows Performance Monitor Console where XML input is parsed unsafely, allowing an XML external entity (XXE) to read arbitrary files. Affected are Windows versions listed in the CVE description (Windows 7/8.1/10, Windows Server variants, and Win...
CVE-2017-0277
CVE-2017-0277 describes a remote code execution vulnerability in the Microsoft Windows SMBv1 server. The SMBv1 service on affected Windows versions (Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT 8.1, Windows 10 1511/1607/1703, Windows Server 2...
CVE-2016-7212
CVE-2016-7212 affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, 10 up to 1607, and Server 2016) where a crafted image file can lead to remote code execution. Root cause: improper handling in the Windows image load feature. Impact is remote cod...
CVE-2012-0175
CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...
CVE-2017-0158
CVE-2017-0158 is a Windows scripting engine memory corruption vulnerability. The issue arises from improper handling/sanitization of in-memory handles in the Scripting Engine, enabling remote code execution when a user visits a malicious site or opens a crafted document. Affected platforms includ...
CVE-2013-3183
Microsoft Windows ICMPv6 Packet Denial of Service (CVE-2013-3183) affects multiple Windows platforms (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8, 2012, RT) where the TCP/IP stack improperly allocates memory for inbound ICMPv6 packets, causing remote denial of service (system hang) via crafted packets. ...
CVE-2017-11780
CVE-2017-11780 is a remote code execution vulnerability in the Microsoft Windows Server Message Block 1.0 (SMBv1) server. The issue occurs when SMBv1 fails to handle certain requests, allowing an unauthenticated attacker to execute code on the target server over the network. Affected products inc...
CVE-2012-4774
CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...
CVE-2017-0161
CVE-2017-0161 is a Windows NetBT Session Services vulnerability described as a race condition when NetBT fails to maintain certain sequencing requirements, enabling a remote code execution in affected Windows releases. The CVE is present in Windows 7/8.1/10 and server SKUs listed in the initial d...
CVE-2017-0038
The connected material describes a Windows IO Manager bug class (two-step: kernel-mode Initiator sets INPC and IFAC without OFAC; Receiver uses RequestorMode) that can bypass security checks and enable privilege escalation. It clarifies that INPC disables MemAC and SecAC, while OFAC can re-enable...
CVE-2017-8565
CVE-2017-8565 is a Windows PowerShell remote code execution vulnerability triggered when PSObject wraps a CIM Instance. Connected sources describe in detail that deserialization via PSObject, LosFormatter, ObjectStateFormatter (and related gadget chains) can enable remote code execution in PowerS...
CVE-2012-0150
CVE-2012-0150 describes a buffer overflow in the C runtime library (msvcrt.dll) used by multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7/7 SP1). The vulnerability arises when parsing a crafted media file, copying a version string into a fixed-length stack buffer, allowing remot...
CVE-2010-2550
CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...
CVE-2010-3956
CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....
CVE-2011-5046
CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...
CVE-2016-0026
Technical details about CVE-2016-0026 are not publicly provided in the supplied documents; no specific affected products or fixes are described. Monitor for updates.
CVE-2012-1528
CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...
CVE-2012-2551
CVE-2012-2551 is a Kerberos denial-of-service vulnerability affecting Microsoft Windows 7 (including SP1) and Windows Server 2008 R2 (including R2 SP1). The issue is described as a remote denial of service via a crafted Kerberos session request that triggers a NULL pointer dereference, potentiall...
CVE-2016-3304
CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...
CVE-2017-0269
CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...
CVE-2017-0114
CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...
CVE-2018-0825
CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...