Lucene search
+L
MicrosoftWindows 8

254 matches found

CVE
CVE
added 2014/03/12 1:0 a.m.116 views

CVE-2014-0301

CVE-2014-0301 is a DirectShow memory corruption (double-free) in qedit.dll used when processing JPEGs, enabling remote code execution on Windows XP/Server 2003/Vista/Server 2008/Windows 7/8/8.1/Server 2012. Affected components include DirectShow JPEG handling; root cause is a double-free in JPEG ...

9.3CVSS7.5AI score0.13974EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.116 views

CVE-2017-0050

Technical details about CVE-2017-0050 are not publicly provided in the connected documents. The sources reference the vulnerability generally; monitor for updates on affected products, root cause, and fixes.

7.8CVSS5.7AI score0.01468EPSS
CVE
CVE
added 2015/10/14 1:0 a.m.114 views

CVE-2015-2554

CVE-2015-2554 is a Windows kernel elevation-of-privilege vulnerability (Windows 8/8.1, Windows Server 2012 RT/R2, Windows RT 8.1, Windows 10). The issue allows local attackers to gain privileges via a crafted application and is addressed by MS15-111 (KB3096447). Public exploits exist (per Exploit...

7.2CVSS6.3AI score0.03553EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.111 views

CVE-2015-0002

CVE-2015-0002 (AppCompat Cache Elevation of Privilege) affects Windows via AhcVerifyAdminContext in ahcache.sys, introduced with Windows 8/8.1 era. The root cause is improper validation of the caller’s impersonation token: the code retrieves the token and checks for LocalSystem or Administrators,...

7.2CVSS6.5AI score0.13802EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.110 views

CVE-2015-2506

The CVE-2015-2506 issue is a remote DoS in the Windows Adobe Type Manager Library (atmfd.dll) triggered by specially crafted OpenType fonts. The vulnerable component is the Adobe Type Manager Library integrated in Windows (atmfd.dll). Underlying cause is improper parsing/handling of OpenType font...

9.3CVSS6.4AI score0.15881EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.108 views

CVE-2015-6127

CVE-2015-6127 (MS15-134) affects Windows Media Center in Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1. A crafted .mcl file allows a remote attacker to read arbitrary files from the local filesystem via the embedded IE component, enabling an information disclosure vulnerability. Th...

4.3CVSS6.2AI score0.46006EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.107 views

CVE-2015-2435

CVE-2015-2435 is a TrueType font parsing vulnerability impacting Microsoft Windows (multiple editions listed) and related components (e.g., Silverlight, Office) that allows remote code execution via a crafted font. The issue is documented with a CVSS v2 base score of 9.3 (high) and network attack...

9.3CVSS7.4AI score0.2187EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.107 views

CVE-2015-2463

CVE-2015-2463/2464 describe a TrueType font parsing vulnerability affecting multiple Windows variants (Vista SP2, 7 SP1, 8/8.1, Server 2008/2012, RT, Office 2007/2010, Silverlight, .NET Framework). The issue allows remote code execution via a crafted TrueType font, caused by a parsing flaw in the...

9.3CVSS7.3AI score0.34475EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.106 views

CVE-2015-6132

CVE-2015-6132 is the Windows library loading remote code execution vulnerability affecting multiple Windows versions. Root cause: mishandled library loading enabling local privilege escalation via a crafted application. The MS15-132 security update fixes this, with public exploits and a Metasploi...

7.2CVSS7AI score0.84701EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.105 views

CVE-2015-2432

CVE-2015-2432 affects ATMFD.DLL in the Windows Adobe Type Manager Library, enabling remote code execution via crafted OpenType fonts. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 (and RT variants). The root cause is...

9.3CVSS7.5AI score0.30271EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.105 views

CVE-2015-2455

CVE-2015-2455 (TrueType Font Parsing Vulnerability) is a Windows font-processing defect discovered via Project Zero fuzzing of the Windows kernel font stack (win32k.sys and ATMFD.DLL) affecting TrueType fonts and related SFNT tables. The Google Project Zero report outlines that incorrect handling...

9.3CVSS7.3AI score0.37429EPSS
CVE
CVE
added 2014/08/12 9:0 p.m.103 views

CVE-2014-0316

CVE-2014-0316 affects the Local RPC (LRPC) server in multiple Windows platforms, where the root cause is improper handling of malformed RPC messages (invalid data view) that can trigger a memory leak and bypass ASLR. This is documented as a remote code capability focusing on a memory exhaustion/D...

7.5CVSS6.5AI score0.11461EPSS
CVE
CVE
added 2014/12/11 12:0 a.m.103 views

CVE-2014-6355

CVE-2014-6355 concerns a vulnerability in the Microsoft Graphics Component where JPEG decoding in memory is mishandled, enabling information disclosure when a user visits a crafted web site. Affected products include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...

5CVSS6.2AI score0.34203EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.103 views

CVE-2015-2456

Summary from Project Zero (2016) : Windows kernel font handling (TTF/OTF) contained multiple vulnerabilities discovered via fuzzing (ATMFD.DLL, win32k.sys) with several CVEs (notably CVE-2015-2455 and CVE-2015-2456). Root cause highlighted: the IUP instruction handler in win32k!itrp_IUP failed to...

9.3CVSS7.3AI score0.35562EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.102 views

CVE-2013-3129

CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...

9.3CVSS7.3AI score0.32378EPSS
CVE
CVE
added 2014/02/12 2:0 a.m.100 views

CVE-2014-0266

CVE-2014-0266 (MS14-005) affects Microsoft XML Core Services (MSXML) 3.0 used by Internet Explorer. The root cause is an information-disclosure vulnerability in the MSXML ActiveX controls that can be triggered when a user visits a specially crafted web page, allowing remote attackers to bypass th...

7.1CVSS6.3AI score0.1941EPSS
CVE
CVE
added 2015/10/14 1:0 a.m.100 views

CVE-2015-2515

CVE-2015-2515 is a remote code execution vulnerability in Windows Shell caused by a use-after-free when handling crafted toolbar objects. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012/2012 R2, Windows RT/RT 8.1, and ...

9.3CVSS7.5AI score0.28661EPSS
CVE
CVE
added 2014/11/11 10:0 p.m.99 views

CVE-2014-4118

CVE-2014-4118 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability arises when parsing crafted XML content, allowing remote code execution or system-state corruption on multiple Windows versions (MSXML 3.0 in Windows Server 2003 SP2; Vista SP2; Server 2008 SP2 and R2 SP1; Windows 7 ...

9.3CVSS8.3AI score0.13661EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.99 views

CVE-2015-2373

CVE-2015-2373 is the RDP remote code execution vulnerability affecting Windows 7 SP1, Windows 8, and Windows Server 2012, caused by improper handling of crafted RDP packets in the RDP server. It can allow remote attackers to execute arbitrary code without authentication; public exploits exist. Mi...

10CVSS8AI score0.3897EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.99 views

CVE-2015-6131

CVE-2015-6131 affects Microsoft Windows Media Center; remote code execution via crafted .mcl files is possible in Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1. The underlying issue is parsing of MCL content that can reference themselves within the Windows Media Center IE security ...

9.3CVSS7.5AI score0.30538EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.97 views

CVE-2015-0001

The CVE-2015-0001 entry concerns Microsoft Windows Windows Error Reporting (WER) and local bypass of Protected Process Light, enabling an administrator to read contents of arbitrary process memory. Affected OSes per the initial description include Windows 8, 8.1, Windows Server 2012 (Gold/R2), an...

1.9CVSS6.3AI score0.02586EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.97 views

CVE-2015-0004

CVE-2015-0004 concerns a local privilege-escalation in the Windows User Profile Service (ProfSvc). According to the provided sources, the vulnerability is exploited by a junction attack that loads another user’s UsrClass.dat registry hive, enabling local users to gain privileges. Affected product...

7.2CVSS6.5AI score0.03545EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.97 views

CVE-2015-2362

CVE-2015-2362 affects Hyper-V in Microsoft Windows: the vulnerability arises because guest OS system data structures are not properly initialized, allowing a guest-OS user with privileges to execute arbitrary code on the host. The issue is tied to Hyper-V System Data Structure Vulnerability and i...

7.2CVSS7.4AI score0.01617EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.97 views

CVE-2015-2458

CVE-2015-2458 (ATMFD.DLL OpenType parsing) affects the Windows Adobe Type Manager Library across multiple Windows versions. The connected ExploitPack/EDB entry details an out-of-bounds read in ATMFD.DLL triggered by processing a corrupted OpenType font, leading to a potential remote code executio...

9.3CVSS7.3AI score0.32351EPSS
CVE
CVE
added 2015/11/11 11:0 a.m.97 views

CVE-2015-2478

CVE-2015-2478 is the Windows Winsock Elevation of Privilege vulnerability. A crafted application can trigger a Winsock call referencing an invalid address, enabling local privilege escalation on multiple Windows platforms: Windows Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windo...

7.2CVSS6.5AI score0.0189EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.97 views

CVE-2015-6107

CVE-2015-6107 concerns a remote-code-execution vulnerability in the Windows font library. The issue arises when parsing specially crafted embedded fonts, enabling arbitrary code execution on affected systems. Public references indicate this affects a broad set of Windows versions (Vista through W...

9.3CVSS7.5AI score0.18247EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.97 views

CVE-2015-6174

CVE-2015-6174 concerns a local privilege-escalation in the Windows kernel affecting Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2), Windows RT/8.1, and Windows 10 1511. The vulnerability description states that a crafted application can allow local ...

7.2CVSS6.2AI score0.03109EPSS
CVE
CVE
added 2014/06/11 1:0 a.m.96 views

CVE-2014-0296

CVE-2014-0296 affects the Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 (Gold and R2). The vulnerability stems from insufficient encryption of RDP sessions, enabling man-in-the-middle attackers to sniff data or modify sess...

5.1CVSS6AI score0.0571EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.95 views

CVE-2012-2556

CVE-2012-2556 : OpenType Font (OTF) parsing vulnerability in Windows kernel‑mode drivers allows remote code execution via a crafted font file. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Root cause: improper hand...

9.3CVSS7.5AI score0.20766EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.95 views

CVE-2013-5058

CVE-2013-5058 is a Windows kernel win32k.sys integer overflow (RFONTOBJ::bTextExtent) vulnerability that can crash the kernel and may enable local privilege escalation. It affects multiple OS versions up to Windows Server 2012 R2; CoreLabs/Core advisory details describe a signed division overflow...

6.9CVSS6.4AI score0.02764EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.95 views

CVE-2015-2371

CVE-2015-2371 corresponds to a Windows Installer Service elevation-of-privilege issue. A local attacker can escalate privileges by abusing a custom action script within an MSI package, affecting multiple Windows editions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, W...

6.9CVSS6.4AI score0.01536EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.94 views

CVE-2015-2423

CVE-2015-2423 is an “Unsafe Command Line Parameter Passing” vulnerability affecting a broad set of Windows OS versions (Vista through Windows 10) and Office apps (2007–2013) where a crafted command-line parameter to an Office app or Notepad can elevate from Low to Medium Integrity and disclose se...

4.3CVSS6.4AI score0.19851EPSS
CVE
CVE
added 2013/04/09 10:0 p.m.93 views

CVE-2013-1292

CVE-2013-1292 is a Windows kernel-mode driver vulnerability: a race condition in Win32k.sys that can allow local privilege escalation by a crafted application due to improper handling of objects in memory. Affected platforms include Windows Vista SP2, Windows Server 2008 SP2 (and R2, R2 SP1), Win...

7.4CVSS6.4AI score0.00897EPSS
CVE
CVE
added 2014/08/12 9:0 p.m.93 views

CVE-2014-0318

CVE-2014-0318 affects Windows kernel-mode driver code (win32k.sys) and enables local privilege escalation by abusing thread-owned object access. The vulnerability impacts multiple Windows client/server platforms listed in the initial description (e.g., Windows Server 2003 SP2, Vista SP2, Server 2...

7.2CVSS6.5AI score0.01821EPSS
CVE
CVE
added 2013/05/24 8:0 p.m.92 views

CVE-2013-3661

CVE-2013-3661 affects Windows with the EPATHOBJ::bFlatten function in win32k.sys across Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, and Windows RT. The root cause is improper checking of linked-list traversal in PATHRECORD chains,...

4.9CVSS6.2AI score0.03852EPSS
CVE
CVE
added 2013/11/13 12:0 a.m.92 views

CVE-2013-3940

CVE-2013-3940 is a Windows Graphics Device Interface (GDI) integer-overflow vulnerability affecting multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012/R2, Windows RT). The issue arises when processing specially cra...

9.3CVSS8AI score0.34452EPSS
CVE
CVE
added 2015/02/11 2:0 a.m.92 views

CVE-2015-0003

CVE-2015-0003 affects Win32k.sys in multiple Windows versions (SERVER 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, 8.1, Server 2012, RT/RT 8.1). The flaw allows local privilege escalation or denial of service via a crafted application, caused by a NULL pointer dereference in the...

6.9CVSS6.5AI score0.04536EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.92 views

CVE-2015-1644

CVE-2015-1644 describes an elevation-of-privilege flaw in Windows where impersonation levels are not properly constrained, enabling local users to gain privileges via a crafted application. Affected products include Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Window...

7.2CVSS6.2AI score0.01755EPSS
CVE
CVE
added 2015/08/15 12:0 a.m.92 views

CVE-2015-2476

CVE-2015-2476 affects the WebDAV client in Windows platforms (e.g., Vista SP2, Server 2008 SP2/R2, Windows 7, 8/8.1, Server 2012/R2, Windows RT) where SSL 2.0 is supported. The root cause is the ability for a remote attacker to conduct a decryption attack/Information Disclosure via MITM by downgr...

2.6CVSS6.4AI score0.11155EPSS
CVE
CVE
added 2015/12/09 11:0 a.m.92 views

CVE-2015-6171

CVE-2015-6171 concerns the Windows kernel vulnerability affecting Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012 Gold/R2, RT/8.1, and 10 1511, enabling local privilege elevation via a crafted application. The issue is a separate vulnerability from CVE-2015-6173 and CVE-2015-...

7.2CVSS6.2AI score0.0326EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.91 views

CVE-2013-1345

CVE-2013-1345 affects the Windows kernel-mode driver component Win32k.sys across multiple Windows/Server editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7, 8, Server 2012, Windows RT). The vulnerability arises from improper handling of objects in memory within Win32k...

7.2CVSS6.3AI score0.01743EPSS
CVE
CVE
added 2014/07/08 10:0 p.m.91 views

CVE-2014-1824

CVE-2014-1824 affects Windows Journal remote code execution via a crafted .JNT journal file. Concrete details show impact on multiple Windows client/server platforms (Windows Vista SP2; Server 2008 SP2/R2; Windows 7 SP1; Windows 8/8.1; Windows Server 2012/2012 R2; Windows RT/RT 8.1). Root cause i...

9.3CVSS8AI score0.18655EPSS
CVE
CVE
added 2014/07/08 10:0 p.m.91 views

CVE-2014-2781

CVE-2014-2781 describes a local privilege-escalation in Windows On-Screen Keyboard (OSK). A low-integrity process could interact with OSK to load a crafted program, bypassing integrity checks and achieving elevation. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Win...

7.6CVSS6.5AI score0.06024EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.91 views

CVE-2015-2365

CVE-2015-2365 affects the Windows kernel component Win32k.sys (kernel-mode driver). A local attacker can gain privileges via a crafted application, leading to privilege escalation on multiple Windows platforms (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/R2, R...

7.2CVSS6.5AI score0.03464EPSS
CVE
CVE
added 2015/10/14 1:0 a.m.91 views

CVE-2015-2552

CVE-2015-2552 concerns the Windows kernel across multiple editions (Windows 8/8.1, Server 2012, RT, Windows 10). The vulnerability enables physically proximate attackers to bypass Trusted Boot via a crafted Boot Configuration Data (BCD) setting, which can compromise code integrity and protections...

7.2CVSS6.1AI score0.01672EPSS
CVE
CVE
added 2012/09/26 10:0 a.m.90 views

CVE-2012-2897

CVE-2012-2897 is a Windows kernel‑mode driver vulnerability known as the TrueType Font Parsing vulnerability. It affects multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) and is triggered by processing a craf...

10CVSS7.3AI score0.21689EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.90 views

CVE-2015-1722

CVE-2015-1722 is a use-after-free vulnerability in Windows kernel-mode drivers, specifically tied to the Kernel Bitmap Handling path. A crafted local application can exploit the flaw to escalate privileges from a local user to higher rights (e.g., SYSTEM) by corrupting kernel memory. Affected pro...

7.2CVSS6.4AI score0.03477EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.90 views

CVE-2015-1725

CVE-2015-1725 is a local privilege-escalation vulnerability in Windows kernel-mode via a buffer overflow in Win32k.sys affecting Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 (Gold/R2) and Windows RT 8.x. Root cause: kernel-mo...

7.2CVSS6.8AI score0.03763EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.90 views

CVE-2015-1758

CVE-2015-1758 is the LoadLibrary EoP vulnerability in the Windows kernel affecting Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, Server 2012, and Windows RT. The issue stems from untrusted search path loading a Trojan DLL in an unspecified directory, enabling local privilege escala...

6.9CVSS6.4AI score0.01996EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.90 views

CVE-2015-2363

CVE-2015-2363 affects Windows kernel-mode graphics/driver component Win32k.sys, enabling local privilege escalation via a crafted application. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server ...

7.2CVSS6.5AI score0.01674EPSS
Total number of security vulnerabilities254