Lucene search
+L
MicrosoftWindows 8

254 matches found

cve
cve
added 2015/07/14 10:0 p.m.90 views

CVE-2015-2363

CVE-2015-2363 affects Windows kernel-mode graphics/driver component Win32k.sys, enabling local privilege escalation via a crafted application. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server ...

7.2CVSS6.5AI score0.01674EPSS
cve
cve
added 2015/08/15 12:0 a.m.90 views

CVE-2015-2433

CVE-2015-2433 is described as a local kernel ASLR bypass vulnerability in Microsoft Windows (affecting Vista SP2/Server 2008 SP2 and R2, Windows 7 SP1, 8/8.1, Server 2012, RT/RT 8.1, Windows 10). Connected records confirm public exploitation activity and linkage to a separate MS15-080/graphics-fo...

2.1CVSS5.9AI score0.18402EPSS
cve
cve
added 2015/09/09 12:0 a.m.90 views

CVE-2015-2514

CVE-2015-2514 pertains to Windows Journal remote code execution via a crafted .jnt file affecting Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1, and Windows 10. The connected records also reference CVE-2015-2513 and CVE-2...

9.3CVSS7.4AI score0.15211EPSS
cve
cve
added 2013/11/16 2:0 a.m.89 views

CVE-2013-3876

CVE-2013-3876 concerns DirectAccess in Windows platforms where the client/server DirectAccess component fails to properly verify server X.509 certificates. This enables a man-in-the-middle to impersonate a legitimate server and potentially read encrypted domain credentials when a crafted certific...

7.1CVSS6.2AI score0.05218EPSS
cve
cve
added 2014/11/11 10:0 p.m.89 views

CVE-2014-6318

CVE-2014-6318 refers to a vulnerability in the Remote Desktop Protocol (RDP) audit logon feature across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The issue is that failed login attempts with valid credentials are not properly logged, ...

4.3CVSS6.7AI score0.11376EPSS
cve
cve
added 2015/09/09 12:0 a.m.89 views

CVE-2015-2524

Technical details about CVE-2015-2524 are not publicly available in the provided connected documents. No specific affected product/version, root cause, impact, or remediation are disclosed here. Monitor for updates.

7.2CVSS6.3AI score0.03466EPSS
cve
cve
added 2015/12/09 11:0 a.m.89 views

CVE-2015-6126

CVE-2015-6126 is a local elevation-of-privilege vulnerability in the Pragmatic General Multicast (PGM) protocol implementation in Windows. The root cause is a race condition that can lead to references to memory that has already been freed (use-after-free), enabling a logged-in attacker to gain p...

7.2CVSS6.6AI score0.01557EPSS
cve
cve
added 2015/09/09 12:0 a.m.88 views

CVE-2015-2509

CVE-2015-2509 concerns Windows Media Center in Vista SP2, Win7 SP1, Win8, and Win8.1. The vulnerability arises in Windows Media Center’s handling of Media Center Link (.mcl) files, where a crafted mcl file can lead to arbitrary code execution. Exploitation described in public sources involves del...

9.3CVSS7.3AI score0.71044EPSS
cve
cve
added 2014/03/12 1:0 a.m.87 views

CVE-2014-0300

CVE-2014-0300 is a Windows kernel-mode driver (Win32k.sys) elevation-of-privilege vulnerability affecting multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7, 8, 8.1, Server 2012) where local attackers can gain privileges via a crafted application. Roo...

7.2CVSS6.4AI score0.01637EPSS
cve
cve
added 2015/03/11 10:0 a.m.87 views

CVE-2015-0081

CVE-2015-0081 affects Windows Text Services (WTS) and allows remote code execution when a user opens a crafted web site or file. Affected products include Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012/2012 R2, and Windows RT/8.1. Root ca...

9.3CVSS7.9AI score0.23755EPSS
cve
cve
added 2015/08/15 12:0 a.m.87 views

CVE-2015-2462

CVE-2015-2462 is an OpenType font parsing vulnerability in Windows’ Adobe Type Manager Library (ATMFD.DLL). The weakness allows remote code execution when a crafted OpenType font is processed by affected Windows builds. The affected platforms include Windows Vista SP2, Windows Server 2008 SP2/R2,...

9.3CVSS7.4AI score0.35562EPSS
cve
cve
added 2015/09/09 12:0 a.m.87 views

CVE-2015-2528

The CVE-2015-2528 issue affects Windows 8, Windows 8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1, and Windows 10, where the local threat can gain privileges by abusing improper constraints on impersonation levels in Task Management. The root cause is not clearly constrained impersonation ...

7.2CVSS6.3AI score0.03587EPSS
cve
cve
added 2015/10/14 1:0 a.m.87 views

CVE-2015-2553

CVE-2015-2553 affects the Windows kernel’s handling of mountpoint creation for reparse points, enabling local privilege escalation via sandboxed environments on Windows Vista/7/8/8.1/10 and corresponding server editions. Public writeups describe bypasses of the mitigation introduced by MS15-111 (...

7.2CVSS6.4AI score0.03264EPSS
cve
cve
added 2015/11/11 11:0 a.m.87 views

CVE-2015-6101

CVE-2015-6101 is a Windows kernel local privilege escalation affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT/8.1, and Windows 10 (build 1511). The vulnerability allows a local user to gain privileges via a crafted ...

6.9CVSS6.3AI score0.03107EPSS
cve
cve
added 2015/12/09 11:0 a.m.87 views

CVE-2015-6173

CVE-2015-6173 targets the Windows kernel memory elevation vulnerability affecting multiple Windows versions (Vista SP2, 2008 SP2/R2, 7 SP1, 8/8.1, 2012 Gold/R2, RT/8.1, 10 RT1/1511). It enables local privilege escalation via a crafted application, with exploitation publicized ( exploit-db entries...

7.2CVSS6.2AI score0.03109EPSS
cve
cve
added 2014/03/12 1:0 a.m.86 views

CVE-2014-0323

CVE-2014-0323 affects Microsoft Windows kernel-mode driver win32k.sys, enabling local attackers to disclose kernel memory contents or trigger a system hang via a crafted application. Affected products include Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windo...

6.6CVSS5.8AI score0.02947EPSS
cve
cve
added 2014/06/11 1:0 a.m.86 views

CVE-2014-1817

CVE-2014-1817 concerns a vulnerability in usp10.dll (Uniscribe) that affects multiple Windows versions (Server 2003 SP2, Vista, Server 2008/2008 R2, Windows 7/8/8.1, Server 2012/R2) and related Office components. The issue arises from processing a crafted EMF+ record in a font file, enabling remo...

9.3CVSS8.6AI score0.18875EPSS
cve
cve
added 2014/06/11 1:0 a.m.86 views

CVE-2014-1818

CVE-2014-1818 is a GDI+ image parsing vulnerability in Windows and Office components that allows remote code execution when a crafted EMF+ record is embedded in an image file. The affected products include multiple Windows versions (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP...

9.3CVSS8.5AI score0.2022EPSS
cve
cve
added 2015/01/13 10:0 p.m.86 views

CVE-2015-0006

The CVE-2015-0006 issue is a vulnerability in Microsoft Windows’ Network Location Awareness (NLA) service. The root cause is that NLA does not perform mutual authentication to verify domain connections, enabling a remote attacker to spoof DNS/LDAP responses on a local network and trigger an unint...

6.1CVSS6.6AI score0.11613EPSS
cve
cve
added 2015/08/15 12:0 a.m.86 views

CVE-2015-2472

CVE-2015-2472 is a Remote Desktop Session Host Spoofing vulnerability. RDSH in RDP up to Windows 8.1/Server 2012 and related editions does not properly verify certificates, allowing a MITM attacker to spoof a TLS/SSL session with a crafted certificate that has valid Issuer and Serial Number field...

4.3CVSS6.2AI score0.02223EPSS
cve
cve
added 2016/01/13 2:0 a.m.86 views

CVE-2016-0018

CVE-2016-0018 affects Windows 7 SP1, Windows 8/8.1, Windows Server 2012 R2, and Windows 10 (RSA/1511 scope noted) where DLL loading is mishandled, enabling local privilege escalation via a crafted application. Connected advisories (MS16-007) indicate multiple DLL-loading and related RPC/DirectSho...

7.3CVSS7.5AI score0.13526EPSS
cve
cve
added 2015/11/11 11:0 a.m.85 views

CVE-2015-6095

CVE-2015-6095 is a Windows Kerberos security feature bypass vulnerability affecting multiple Windows versions (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8, 8.1, 2012/2012 R2, RT, 10 1511). The issue arises from mishandling password changes, which can let physically proximate attackers bypass authenticat...

4.9CVSS6.6AI score0.04001EPSS
cve
cve
added 2013/07/10 1:0 a.m.84 views

CVE-2013-1300

CVE-2013-1300 maps to a Win32k memory handling vulnerability in win32k.sys affecting multiple Windows XP/Vista/7/8/2003/Server variants. The issue is a local privilege escalation via a crafted application that abuses kernel memory object handling, enabling an attacker to gain SYSTEM-level privile...

7.2CVSS6.2AI score0.1218EPSS
cve
cve
added 2015/05/13 10:0 a.m.84 views

CVE-2015-1674

CVE-2015-1674 affects Windows kernel on Windows 8, Windows 8.1, Windows Server 2012 (Gold/R2) and Windows RT (gold/8.1). The vulnerability stems from the kernel not properly validating an unspecified address, enabling local attackers to bypass KASLR and to discover the cng.sys base address via a ...

4.6CVSS5.9AI score0.03334EPSS
cve
cve
added 2015/06/10 1:0 a.m.84 views

CVE-2015-1756

CVE-2015-1756 is a use-after-free vulnerability in Microsoft Windows Common Controls that could allow remote code execution when a user visits a crafted web page and then uses Internet Explorer F12 Developer Tools. The issue affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, 7 ...

9.3CVSS7.4AI score0.1757EPSS
cve
cve
added 2015/08/15 12:0 a.m.84 views

CVE-2015-2429

CVE-2015-2429 affects Windows sandboxed contexts (Windows Vista SP2, 7 SP1, 8/8.1, Server 2008/2012 and R2, RT) where a crafted application could bypass the sandbox and perform registry actions. Root cause: registry key symbolic links could be created from a sandboxed process, enabling privilege ...

9.3CVSS6.5AI score0.07101EPSS
cve
cve
added 2015/09/09 12:0 a.m.84 views

CVE-2015-2507

CVE-2015-2507 is a local privilege-escalation in the Windows Adobe Type Manager Library. The vulnerability affects multiple Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012 Gold/R2, RT/8.1, 10). The root cause is the Adobe Type Manager Library failing to prop...

7.2CVSS6.3AI score0.03639EPSS
cve
cve
added 2015/09/09 12:0 a.m.84 views

CVE-2015-2525

CVE-2015-2525 affects Windows Task Scheduler across multiple OS versions (Vista SP2, Server 2008 SP2/R2, Windows 7/8/8.1, Server 2012/2012 R2, RT/10). The vulnerability allows local privilege escalation by bypassing filesystem restrictions during task deletion via Task Scheduler (schedsvc.dll) wi...

7.2CVSS6.4AI score0.32712EPSS
cve
cve
added 2015/11/11 11:0 a.m.84 views

CVE-2015-6100

Technical details about CVE-2015-6100 are not provided in the connected documents; the initial entry describes a Windows kernel privilege escalation affecting multiple OS versions but lacks concrete technical specifics. Monitor for updates.

6.9CVSS6.3AI score0.03229EPSS
cve
cve
added 2015/11/11 11:0 a.m.84 views

CVE-2015-6104

CVE-2015-6104 affects the Adobe Type Manager Library in multiple Windows platforms (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, 2012, RT/8.1, 10 Gold/1511). The vulnerability allows remote code execution via a crafted embedded font, due to a flaw in font processing in Win32k/font handling (Windo...

9.3CVSS7.9AI score0.35288EPSS
cve
cve
added 2015/01/13 10:0 p.m.83 views

CVE-2015-0011

CVE-2015-0011 is a local privilege-escalation flaw in the WebDAV kernel-mode driver mrxdav.sys across multiple Windows OS versions (e.g., Server 2003 SP2, Vista SP2, 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The root cause is improper enforcement of impersonation protection, all...

4.7CVSS6.3AI score0.02006EPSS
cve
cve
added 2015/04/14 8:0 p.m.83 views

CVE-2015-1643

CVE-2015-1643 affects multiple Windows versions (Vista to Server 2012/R2, RT/RT 8.1, etc.). The root cause is NtCreateTransactionManager type confusion that fails to properly constrain impersonation levels, enabling a local unprivileged user to escalate to higher privileges via a crafted applicat...

7.2CVSS6.4AI score0.02724EPSS
cve
cve
added 2015/09/09 12:0 a.m.83 views

CVE-2015-2516

CVE-2015-2516 affects Windows Journal across multiple Windows client/server editions (e.g., Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows 10, and Windows Server 2008/2012 variants). The issue is a denial-of-service via a specially crafted Journal file (.jnt), caused by improper handling that c...

4.3CVSS6.5AI score0.11707EPSS
cve
cve
added 2015/10/14 1:0 a.m.83 views

CVE-2015-2549

CVE-2015-2549 is a Windows kernel memory corruption local privilege escalation vulnerability affecting multiple Windows versions (Vista SP2, 2008 SP2/R2, 7 SP1, 8/8.1, 2012, RT, 10). The connected material confirms related CVEs (2549, 2550, 2552, 2553, 2554) and notes exploitation via a crafted l...

7.2CVSS6.3AI score0.02343EPSS
cve
cve
added 2013/01/09 6:0 p.m.82 views

CVE-2013-0008

CVE-2013-0008 describes a local privilege-escalation in Windows via the kernel‑mode driver win32k.sys. The vulnerability arises from improper handling of window broadcast messages, allowing a crafted local user‑mode application to elevate privileges. Affected Windows versions include Vista SP2, S...

7.2CVSS6.2AI score0.17089EPSS
cve
cve
added 2013/10/09 2:44 p.m.82 views

CVE-2013-3195

The CVE-2013-3195 vulnerability affects the Windows common control library, specifically the DSA_InsertItem function in Comctl32.dll. It describes an integer/ memory allocation overflow that could allow remote code execution when a crafted value is supplied to an ASP.NET web application, affectin...

10CVSS7.6AI score0.38485EPSS
cve
cve
added 2013/09/11 10:0 a.m.82 views

CVE-2013-3864

Technical details for CVE-2013-3864 are not publicly available in the provided connected documents. Monitor for updates from official advisories; the supplied references include NVD entries for related CVEs but no new specifics about this CVE.

7.2CVSS6.2AI score0.01654EPSS
cve
cve
added 2015/02/11 2:0 a.m.82 views

CVE-2015-0010

CVE-2015-0010 affects the Windows kernel-mode Cryptography Next Generation driver (cng.sys). The vulnerability occurs when using the CRYPTPROTECTMEMORY_SAME_LOGON option, where the code path does not validate the impersonation token’s level, permitting local users to bypass decryption restriction...

1.9CVSS6.2AI score0.0265EPSS
cve
cve
added 2015/03/11 10:0 a.m.82 views

CVE-2015-0076

CVE-2015-0076 affects the Microsoft Windows Photo Decoder component across Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2) and Windows RT/8.1. The vulnerability stems from not properly initializing memory when rendering JPEG XR (.JXR) images, allowin...

4.3CVSS5.8AI score0.15351EPSS
cve
cve
added 2015/08/15 12:0 a.m.82 views

CVE-2015-2430

CVE-2015-2430 describes a Windows sandbox-elevation vulnerability affecting multiple OS versions (Vista SP2, Windows 7 SP1, Windows 8/8.1, Server 2008/2012 variants, RT). The initial report notes a sandbox bypass enabling unspecified filesystem actions via a crafted application. Connected documen...

9.3CVSS6.5AI score0.07161EPSS
cve
cve
added 2015/08/15 12:0 a.m.82 views

CVE-2015-2459

CVE-2015-2459 concerns ATMFD.DLL in the Windows Adobe Type Manager Library across Windows Vista/7/8/10 and server editions. The connected exploitpack entry describes an out-of-bounds read in ATMFD.DLL triggered by processing a malformed OpenType font, specifically a corrupted CFF table Name INDEX...

9.3CVSS7.3AI score0.32351EPSS
cve
cve
added 2015/09/09 12:0 a.m.82 views

CVE-2015-2513

CVE-2015-2513 relates to Windows Journal remote code execution via a crafted .jnt file across Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1, and Windows 10. The root cause is processing of .jnt files enabling arbi...

9.3CVSS7.4AI score0.19155EPSS
cve
cve
added 2015/09/09 12:0 a.m.82 views

CVE-2015-2527

CVE-2015-2527 is a local privilege-escalation vulnerability in Windows' kernel-mode driver pathway, specifically the process-initialization logic in win32k.sys. The root cause is improper constraining of impersonation levels during certain process initialization scenarios, enabling a locally auth...

7.2CVSS6.5AI score0.07044EPSS
cve
cve
added 2016/01/13 2:0 a.m.82 views

CVE-2016-0006

CVE-2016-0006 is a local privilege-escalation vulnerability in the Windows sandbox implementation where reparse points are mishandled. A crafted application can escalate privileges on affected systems by exploiting this flaw. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2...

7.3CVSS7.2AI score0.04231EPSS
cve
cve
added 2013/08/14 10:0 a.m.81 views

CVE-2013-3198

CVE-2013-3198 affects the NTVDM subsystem in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. It relies on improper validation of kernel-memory addresses, enabling local privilege escalation or memory corruption (DoS) via a cr...

7.2CVSS6.2AI score0.02079EPSS
cve
cve
added 2015/03/11 10:0 a.m.81 views

CVE-2015-0080

CVE-2015-0080 affects multiple Windows platforms (Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012) where memory is not properly initialized when rendering certain malformed PNG images, enabling a remote att...

4.3CVSS5.9AI score0.15351EPSS
cve
cve
added 2015/03/11 10:0 a.m.81 views

CVE-2015-0088

CVE-2015-0088 is referenced in connected Project Zero posts as an off-by-x out-of-bounds read/write issue related to the Type 2 Charstring/operand stack in ATMFD.DLL/OpenType handling. The supplied connected documents do not provide explicit product versions, root-cause analysis, impact details, ...

9.3CVSS7.8AI score0.19835EPSS
cve
cve
added 2015/03/11 10:0 a.m.81 views

CVE-2015-0094

CVE-2015-0094 is a Windows kernel-mode driver information-disclosure vulnerability where the affected kernel components do not properly restrict address information during a function call, enabling local attackers to bypass ASLR. Affected products include multiple Windows versions listed in sourc...

2.1CVSS5.8AI score0.02594EPSS
cve
cve
added 2015/07/14 10:0 p.m.81 views

CVE-2015-2366

CVE-2015-2366 affects Win32k.sys in multiple Windows kernel‑mode drivers (Windows 7 SP1, Windows 8/8.1, Windows Server 2008 R2 SP1, 2012, RT) and allows local privilege escalation via a crafted application. The root cause is improper handling in the kernel‑mode driver, enabling an attacker to gai...

7.2CVSS6.5AI score0.03464EPSS
cve
cve
added 2015/08/15 12:0 a.m.81 views

CVE-2015-2461

The CVE-2015-2461 entry is supported by connected documentation describing an ATMFD.DLL OpenType font parsing vulnerability in the Windows Adobe Type Manager Library. The exploitable condition is an out-of-bounds read in ATMFD.DLL when handling a crafted OpenType font, specifically triggered by a...

9.3CVSS7.3AI score0.36366EPSS
Total number of security vulnerabilities254