686 matches found
CVE-2016-3304
CVE-2016-3304 is the Windows Graphics Component remote code‑execution vulnerability where the Windows font library improperly handles crafted embedded fonts, affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Skype for Business 2016,...
CVE-2017-0269
CVE-2017-0269 is a Windows SMBv1 denial-of-service vulnerability: the SMBv1 server may stop responding when it receives specially crafted requests. The issue is tied to handling of SMBv1 traffic (no explicit exploit details in the provided docs). Affected context is Windows SMBv1 processing; pote...
CVE-2017-8676
CVE-2017-8676 is an information disclosure vulnerability in the Windows GDI+ component. The NVD entry describes that an authenticated attacker can retrieve information from the targeted system by presenting a specially crafted application, affecting a wide range of Windows versions (Windows clien...
CVE-2022-26798
Technical details about CVE-2022-26798 are not publicly available in the provided connected documents. The initial description notes a Windows Print Spooler Elevation of Privilege vulnerability, but there are no specific vendor/product/version/root-cause/fix details in the supplied materials. Mon...
CVE-2018-0825
CVE-2018-0825 corresponds to a Microsoft StructuredQuery remote code execution vulnerability. According to the CNVD entry, it exists in Microsoft Windows’ StructuredQuery component and stems from improper handling of objects in memory, enabling a remote attacker to execute arbitrary code when a s...
CVE-2025-29810
CVE-2025-29810 corresponds to an improper access control in Active Directory Domain Services that can allow an authenticated attacker to elevate privileges over the network. The NCSC advisory groups CVE-2025-29810 under Windows Active Directory Domain Services with an impact described as ‘Obtain ...
CVE-2009-0090
CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...
CVE-2017-0181
CVE-2017-0181 affects the Windows Hyper-V Network Switch on Windows 10/Windows Server 2016 hosts. The vulnerability is a remote code execution caused by improper validation of input from the guest OS, requiring an authenticated user on the guest. Connected sources confirm Hyper-V input validation...
CVE-2022-26790
Technical details for CVE-2022-26790 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2016-3223
CVE-2016-3223 relates to a Group Policy Elevation of Privilege vulnerability in Windows where LDAP authentication is mishandled, enabling a MiTM attacker to modify domain controller–to–client Group Policy update data and potentially escalate privileges. The issue affects multiple Windows editions...
CVE-2016-3301
CVE-2016-3301 affects the Windows Graphics Component in the Windows font library, enabling remote code execution via a crafted embedded font. Affected products include Windows Vista SP2; Windows Server 2008 SP2/R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; W...
CVE-2016-7237
CVE-2016-7237 affects Local Security Authority Subsystem Service (LSASS) in Windows between Vista SP2 and Windows Server 2016. The vulnerability allows remote authenticated users to cause a denial of service (system hang) by sending a crafted request, via the LSASS handling path (notably connecte...
CVE-2018-8136
CVE-2018-8136 is described as a remote code execution vulnerability in how Windows handles objects in memory, affecting Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008/2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers. The con...
CVE-2009-2532
CVE-2009-2532 refers to a remote-code-execution vulnerability in the SMBv2 implementation of Windows SMB Server. The issue arises from how SMBv2 handles the command value in SMB Multi-Protocol Negotiate packets, allowing an unauthenticated attacker to execute arbitrary code on affected systems. A...
CVE-2017-0114
CVE-2017-0114 is a Windows Uniscribe (usp10.dll) information-disclosure vulnerability affecting Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 SP1. The issue arises in Uniscribe when processing Unicode text via DrawText paths triggered by user32/lpk, allowing a remote attacker t...
CVE-2016-0042
CVE-2016-0042 corresponds to a Windows DLL loading Remote Code Execution vulnerability. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10 (including 1511). The flaw arises from mishandling D...
CVE-2017-0062
CVE-2017-0062 affects the Graphics Device Interface (GDI) in multiple Windows versions (Vista SP2 through Windows 10/1607). It enables local attackers to disclose sensitive process-memory information via a crafted web site; impact is information disclosure. Connected CIRCL entries indicate the vu...
CVE-2017-11771
CVE-2017-11771 is a remote code execution vulnerability in the Microsoft Windows Search component. The issue arises from improper handling of DNS responses by the Windows Search service, allowing an unauthenticated, remote attacker to execute code on affected systems. The CVE is referenced alongs...
CVE-2018-0846
The connected documents confirm CVE-2018-0846 affects the Windows Common Log File System (CLFS) driver and describes an elevation-of-privilege flaw caused by improper handling of objects in memory. Affected products include various Windows client/server builds (Windows 7 SP1, Windows 8.1/RT 8.1, ...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2017-8528
CVE-2017-8528 concerns a remote code execution vulnerability in Microsoft Windows Uniscribe (usp10.dll) where объектs in memory are mishandled. Affected platforms span Windows 7/8.1/10 and several Server SKUs with Office 2007/2010. Exploitation is possible via crafted documents or web content, pe...
CVE-2017-0279
CVE-2017-0279 corresponds to a remote code execution vulnerability in the Microsoft Windows SMB v1 server. The available connected and initial documents indicate: affected component is the SMBv1 server (Server Message Block 1.0) on multiple Windows platforms (e.g., Windows 7, Windows 8.1, Windows...
CVE-2011-1249
CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...
CVE-2018-0820
CVE-2018-0820 affects the Windows kernel on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 SP2/R2 SP1, 2012/2012 R2, Windows 10 (various builds) and Windows Server (various). The vulnerability arises from how objects are handled in memory, enabling local privilege escalation from a low-pr...
CVE-2009-1925
CVE-2009-1925 is the TCP/IP Timestamps Code Execution vulnerability in Windows. A remote attacker can execute arbitrary code by sending specially crafted TCP/IP packets to a listening service; the flaw arises from the TCP/IP stack not cleaning up state information, causing a field to be misinterp...
CVE-2017-0087
CVE-2017-0087 is a remote code execution vulnerability in Windows Uniscribe (USP10) affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1. Connected data show exploits targeting USP10!MergeLigRecords, with heap memory corruption in Uniscribe’s font processing triggere...
CVE-2009-1133
CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...
CVE-2010-0022
CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...
CVE-2016-0174
CVE-2016-0174 describes a local privilege escalation in Windows kernel-mode drivers (Win32k) affecting multiple Windows family versions (Vista SP2, Server 2008 SP2/R2, 7 SP1, 8.1, Server 2012, RT 8.1, and Windows 10 1511/Gold). The vulnerability allows a locally authenticated attacker to gain hig...
CVE-2017-0099
CVE-2017-0099 pertains to Hyper-V in Microsoft Windows (lists affected: Windows Vista SP2, Server 2008 SP2/2008 R2, Windows 7 SP1, Windows 8.1, Server 2012 Gold/R2, Windows 10 Gold, 1511, 1607, Server 2016). The issue allows guest OS users, running as VMs, to cause a denial-of-service via a craft...
CVE-2022-26794
Technical details for CVE-2022-26794 are not publicly provided in the supplied documents. No specifics on affected components, root cause, impact, or fixes are present here. Monitor for updates in connected sources.
CVE-2010-0021
CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...
CVE-2010-5082
CVE-2010-5082 affects the Windows Color Control Panel (colorcpl.exe) on Windows Server 2008 SP2, R2, and R2 SP1. The vulnerability stems from insecure library loading where sti.dll can be loaded from the current working directory, enabling privilege escalation when a malicious directory also cont...
CVE-2016-0169
CVE-2016-0169 is a Windows Graphics Component Information Disclosure vulnerability in GDI across Windows Vista through Windows 10 (various editions). The issue arises from improper disclosure of memory contents via a crafted document, enabling remote information leakage. Public evidence includes ...
CVE-2017-8696
CVE-2017-8696 targets Microsoft Windows components (Windows Uniscribe/Graphics Component) across Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Office 2007 SP3/2010 SP2, Word Viewer, Office for Mac 2011/2016, Skype for Business, Lync, Live Meeting 2007 Add-in/Console. The vulnerability enables r...
CVE-2022-26792
Technical details for CVE-2022-26792 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources as more information becomes available.
CVE-2016-3225
The CVE-2016-3225 issue affects the SMB server component in multiple Windows releases (e.g., Vista/Server 2008/7/8.1/2012/RT 8.1/10). The root cause is credential-forwarding by the Windows SMB server to an unintended service, enabling a local attacker to gain elevated privileges via a crafted app...
CVE-2016-3236
CVE-2016-3236 affects the WPAD proxy discovery implementation in multiple Windows editions (Vista through Windows 10). The weakness arises when WPAD proxy discovery is mishandled, which could allow a remote attacker to redirect network traffic via unspecified vectors, effectively an elevation of ...
CVE-2017-0077
CVE-2017-0077 is a Windows kernel vulnerability described as the Win32k Information Disclosure Vulnerability. It affects multiple Windows versions (Windows 7 SP1, Windows 8.1, Windows 10 releases up to 1703 and Windows Server 2016, among others) and is exploitable by a local, authenticated attack...
CVE-2017-0180
Technical details for CVE-2017-0180 are not publicly provided in the connected documents. Available sources reference Hyper-V Network Switch input validation issues but do not disclose affected versions, root cause specifics, or exploit information. Monitor for updates.
CVE-2012-0173
Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.
CVE-2016-7272
CVE-2016-7272 affects the Windows Graphics component across multiple Windows versions (Vista SP2, Server 2008 SP2/R2, 7, 8.1, 2012/R2, RT 8.1, 10 Gold/1511/1607, Server 2016). The vulnerability enables remote code execution via a crafted web site, with network attack vector and no privileges requ...
CVE-2017-0275
CVE-2017-0275 is an SMBv1 information-disclosure vulnerability in Microsoft Windows SMB server handling of certain requests. The initial description lists affected products as Windows platforms including Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and ...
CVE-2018-1008
CVE-2018-1008 describes a local elevation-of-privilege vulnerability in Windows Adobe Type Manager Font Driver (ATMFD.dll). The flaw stems from improper handling of objects in memory, enabling an attacker to execute arbitrary code with kernel or SYSTEM privileges on vulnerable Windows editions (W...
CVE-2009-0550
CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2011-1966
The CVE-2011-1966 issue affects Microsoft Windows DNS Server on Windows Server 2008 SP2, R2, and R2 SP1, where the DNS server mishandles NAPTR queries that trigger recursive processing. The root cause is a memory corruption vulnerability exploitable via specially crafted NAPTR queries, which can ...
CVE-2013-3174
CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...
CVE-2014-1767
CVE-2014-1767 is a local privilege-escalation vulnerability in the Windows Ancillary Function Driver (afd.sys) leveraged via a dangling/double-free condition in kernel-mode code (AFD). Public materials indicate Microsoft MS14-040 addressed this flaw, affecting multiple Windows versions from Windo...
CVE-2017-0166
CVE-2017-0166: An LDAP elevation of privilege vulnerability in Windows occurs when LDAP request buffer lengths are improperly calculated. This enables a remote attacker to send malicious traffic to a Domain Controller to achieve elevated privileges. The initial description and connected documents...