418 matches found
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2016-7237
CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...
CVE-2018-8136
CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...
CVE-2017-0114
CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...
CVE-2017-0062
CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...
CVE-2018-0846
The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...
CVE-2016-0042
CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...
CVE-2017-8528
CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...
CVE-2017-0279
CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...
CVE-2017-11771
CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...
CVE-2018-0757
Technical details about CVE-2018-0757 are not publicly available in the provided documents. Connected sources discuss malware and general Windows kernel disclosures but do not specify affected products, versions, or fixes. Monitor for official updates.
CVE-2018-0820
CVE-2018-0820 affects the Windows kernel on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/2012 R2, Windows 10 (various builds) and Windows Server (various). The vulnerability arises from how objects are handled in memory, enabling local privilege escalation from a low-pr...
CVE-2017-0087
CVE-2017-0087 is a remote code execution vulnerability in Windows Uniscribe (USP10) affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1. Connected data show exploits targeting USP10!MergeLigRecords, with heap memory corruption in Uniscribe’s font processing triggere...
CVE-2009-3676
The CVE-2009-3676 entry concerns a Denial of Service in the kernel SMB client of Windows 7 and Windows Server 2008 R2 caused by incomplete SMB responses (SMBv1 and SMBv2). A remote attacker or a man‑in‑the‑middle could trigger an infinite loop by sending a crafted SMB response, potentially freezi...
CVE-2016-0174
CVE-2016-0174 describes a local privilege escalation in Windows kernel-mode drivers (Win32k) affecting multiple Windows family versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8.1, Server 2012, RT 8.1, and Windows 10 1511/Gold). The vulnerability allows a locally authenticated attacker to gain hig...
CVE-2016-0176
CVE-2016-0176 is a Windows privilege-escalation flaw in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys). It affects multiple Windows versions (7 SP1, Server 2008 R2 SP1, 8.1, Server 2012 R2/Gold, RT 8.1, 10 variants). Root cause: improper handling of memory objects in the DirectX kernel subsy...
CVE-2017-0014
Public technical details for CVE-2017-0014 are not present in the provided connected documents. The records describe affected products and cross-reference other CVEs, but no concrete exploit vectors, impact specifics, or remediation are disclosed here. Monitor for updates.
CVE-2017-0099
CVE-2017-0099 pertains to Hyper-V in Microsoft Windows (lists affected: Windows Vista SP2, Server 2008 SP2/2008 R2, Windows 7 SP1, Windows 8.1, Server 2012 Gold/R2, Windows 10 Gold, 1511, 1607, Server 2016). The issue allows guest OS users, running as VMs, to cause a denial-of-service via a craft...
CVE-2016-0169
CVE-2016-0169 is a Windows Graphics Component Information Disclosure vulnerability in GDI across Windows Vista through Windows 10 (various editions). The issue arises from improper disclosure of memory contents via a crafted document, enabling remote information leakage. Public evidence includes ...
CVE-2017-8696
CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...
CVE-2016-3225
The CVE-2016-3225 issue affects the SMB server component in multiple Windows releases (e.g., Vista/Server 2008/7/8.1/2012/RT 8.1/10). The root cause is credential-forwarding by the Windows SMB server to an unintended service, enabling a local attacker to gain elevated privileges via a crafted app...
CVE-2016-3236
CVE-2016-3236 affects the WPAD proxy discovery implementation in multiple Windows editions (Vista through Windows 10). The weakness arises when WPAD proxy discovery is mishandled, which could allow a remote attacker to redirect network traffic via unspecified vectors, effectively an elevation of ...
CVE-2017-0077
CVE-2017-0077 is a Windows kernel vulnerability described as the Win32k Information Disclosure Vulnerability. It affects multiple Windows versions (Windows 7 SP1, Windows 8.1, Windows 10 releases up to 1703 and Windows Server 2016, among others) and is exploitable by a local, authenticated attack...
CVE-2018-8127
CVE-2018-8127 is a Windows kernel information-disclosure vulnerability affecting multiple Windows versions (e.g., Windows 7, 8.1, 10, and server editions). Root cause: the kernel improperly handles objects in memory, enabling information leakage. The connected records do not provide concrete expl...
CVE-2012-0173
Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.
CVE-2015-6130
CVE-2015-6130 is a Windows Uniscribe (USP10.DLL) vulnerability affecting Windows 7 SP1 and Windows Server 2008 R2 SP1. A specially crafted True Type Font (TTF) embedded in documents or web content can trigger an integer underflow in Uniscribe, allowing remote code execution. Microsoft issued MS15...
CVE-2017-0275
CVE-2017-0275 is an SMBv1 information-disclosure vulnerability in Microsoft Windows SMB server handling of certain requests. The initial description lists affected products as Windows platforms including Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and ...
CVE-2018-1008
CVE-2018-1008 describes a local elevation-of-privilege vulnerability in Windows Adobe Type Manager Font Driver (ATMFD.dll). The flaw stems from improper handling of objects in memory, enabling an attacker to execute arbitrary code with kernel or SYSTEM privileges on vulnerable Windows editions (W...
CVE-2013-3174
CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...
CVE-2014-1767
CVE-2014-1767 is a local privilege-escalation vulnerability in the Windows Ancillary Function Driver (afd.sys) leveraged via a dangling/double-free condition in kernel-mode code (AFD). Public materials indicate Microsoft MS14-040 addressed this flaw, affecting multiple Windows versions from Windo...
CVE-2016-7272
CVE-2016-7272 affects the Windows Graphics component across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, 7, 8.1, 2012/R2, RT 8.1, 10 Gold/1511/1607, Server 2016). The vulnerability enables remote code execution via a crafted web site, with network attack vector and no privileges requ...
CVE-2012-0181
CVE-2012-0181 affects Win32k.sys in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 CP). The vulnerability is a memory-corruption/logic issue in the kernel-mode ReadLayoutFile path that handles keyboard layout files, allowing loc...
CVE-2016-0070
Technical details of CVE-2016-0070 are not publicly provided in the Connected Documents. Monitor for updates.
CVE-2017-0045
CVE-2017-0045 is a Windows DVD Maker XML External Entity (XXE) information-disclosure vulnerability affecting Windows 7 SP1, Windows Server 2008 SP2/R2 SP1, and Windows Vista SP2. The vulnerability arises when parsing crafted .msdvd files, enabling an attacker to access local files information on...
CVE-2016-3345
CVE-2016-3345 is the Windows SMBv1 Server Remote Code Execution vulnerability. The SMBv1 server on affected Windows editions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8.1, Server 2012 R2/2012, Windows RT 8.1, Windows 10 1511/1607) could allow an authenticated attacker to execute arbi...
CVE-2016-3371
CVE-2016-3371 is a Windows kernel elevation of privilege vulnerability affecting a broad set of Windows versions (Vista SP2/2008 SP2 R2, Windows 7 SP1, 8.1, Server 2012/RT, Windows 10 1511/1607). The issue stems from improper enforcement of permissions by the Windows Kernel API, allowing local at...
CVE-2017-0050
Technical details about CVE-2017-0050 are not publicly provided in the connected documents. The sources reference the vulnerability generally; monitor for updates on affected products, root cause, and fixes.
CVE-2012-0180
CVE-2012-0180 affects win32k.sys in multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8 CP). The issue is improper handling of user-mode input in kernel-mode for windows and messages, enabling local privilege escalation via a crafted app...
CVE-2017-8577
Technical details for CVE-2017-8577 are not provided in the supplied documents; no explicit affected product/version, root cause, impact, or fix is disclosed here. Monitor for updates.
CVE-2016-7205
CVE-2016-7205 is a Windows memory corruption vulnerability in the Animation Manager that can be triggered by visiting a crafted web site, enabling remote code execution. Affected products include Windows 7 SP1, Windows 8.1, Windows 10 (various builds), Windows Server 2008 R2 SP1, Windows Server 2...
CVE-2017-0175
CVE-2017-0175 is a Windows kernel local information disclosure vulnerability reported for Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1. The initial entry describes an information leak via a specially crafted document, with authentication required marked as none in CVSS. Connected sources refe...
CVE-2017-0280
CVE-2017-0280 is a remote-denial-of-service vulnerability in the Microsoft Windows SMB Server (SMBv1). The issue occurs when the SMBv1 server processes crafted SMB requests, allowing an unauthenticated attacker to trigger a DoS condition on the target system. Documents reference the vulnerability...
CVE-2017-11847
CVE-2017-11847 affects the Windows kernel across multiple Windows client/server versions (Windows 7 SP1; Windows 8.1/RT; Windows 10 1511–1709; Windows Server 2008/2012/2016, etc.). The root cause is improper handling of objects in memory, enabling a local attacker to escalate privileges and run a...
CVE-2018-0844
The CVE-2018-0844 entry describes an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) driver, affecting multiple Windows versions (Windows 7 SP1, Windows 8.1/RT 8.1, Server 2008 SP2/R2 SP1, 2012/R2, 2016, and 1709). The root cause is how objects in memory are hand...
CVE-2016-3303
CVE-2016-3303 affects the Windows font library in Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010/Attendee, and Live Meeting 2007 Console. Root cause:** improper handling of construct...
CVE-2016-7274
CVE-2016-7274 concerns the Windows Uniscribe component (usp10.dll). The issue stems from an integer/heap-related vulnerability in the LoadUvsTable() function that could enable remote code execution when processing untrusted font data via a crafted web site. Public analyses (e.g., Google Project Z...
CVE-2017-0260
Technical details for CVE-2017-0260 are not provided in the connected documents. The initial entry notes an Office Remote Code Execution vulnerability, but there are no concrete product/version/impact/fix details here. Monitor official advisories for updates.
CVE-2017-0276
Technical details for CVE-2017-0276 are not publicly available in the provided documents. Monitor for updates; current sources in the set do not describe affected products/versions, root cause, or remediation specific to this CVE.
CVE-2017-8533
CVE-2017-8533 is an information‑disclosure vulnerability in Windows graphics handling, specifically the Uniscribe/GDI path, where memory contents can be exposed. The issue affects multiple Windows editions listed in the CVE entry (e.g., Windows 7 SP1, 8.1, various Windows 10 versions, Windows Ser...
CVE-2018-8134
CVE-2018-8134 is an elevation of privilege vulnerability in the Windows Kernel API that affects Windows 8.1, Windows 10 (including Windows Server variants) and related OSes. The faulty enforcement of permissions is the root cause. The connected CIRCL entry indicates a public exploit is available ...