Lucene search
+L
MicrosoftWindows Vista

827 matches found

CVE
CVE
added 2017/04/12 2:0 p.m.3799 views

CVE-2017-0199

CVE-2017-0199 affects Microsoft Office client suites (Office 2007 SP3, 2010 SP2, 2013 SP1, 2016) and Windows platforms (Vista SP2, Server 2008 SP2, 7 SP1, 8.1). The vulnerability allows remote code execution via a crafted document, exploiting how Office components interact with the Windows API an...

9.3CVSS8.3AI score0.99933EPSS
In wild
CVE
CVE
added 2010/07/22 10:0 a.m.1704 views

CVE-2010-2568

CVE-2010-2568 affects the Windows shell icon display for shortcut files, enabling arbitrary code execution when a crafted .LNK or .PIF is processed by Windows Explorer. Affected systems include Windows XP SP3, Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7, with...

9.3CVSS7.7AI score0.91324EPSS
In wild
CVE
CVE
added 2014/05/14 10:0 a.m.1415 views

CVE-2014-1812

CVE-2014-1812 affects the Group Policy Preferences password handling in Windows (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012), where passwords distributed via SYSVOL could be decrypted by an authenticated remote attacker, enabling privilege escalation. The issue is caused by ...

9CVSS8.6AI score0.65117EPSS
In wild
CVE
CVE
added 2016/04/12 11:0 p.m.1297 views

CVE-2016-0167

CVE-2016-0167 is a Windows kernel-mode Win32k Privilege Escalation vulnerability affecting multiple OS versions (e.g., Vista SP2, Windows 7 SP1, Windows 8.1, Windows Server 2008/R2, Windows 10). The issue arises in the kernel-mode driver Win32k where a crafted application can escalate privileges ...

7.8CVSS6.8AI score0.05729EPSS
In wild
CVE
CVE
added 2014/11/11 10:0 p.m.1287 views

CVE-2014-6332

CVE-2014-6332 is discussed in connected sources as being exploited by the Neptune Exploit Kit to deliver a Monero-mining payload via Internet Explorer exploits. The Neptune Campaign uses CVE-2014-6332 alongside other IE and Flash exploits to identify vulnerable targets and chain exploits in a sin...

9.3CVSS8.8AI score0.94996EPSS
In wildWeb
CVE
CVE
added 2015/09/09 12:0 a.m.1275 views

CVE-2015-2546

CVE-2015-2546 affects the Windows kernel Win32k memory handling (kernel‑mode driver) and enables local privilege escalation via a crafted application on affected Windows versions (Vista SP2 onward, Windows 7 SP1, 8/8.1, 10, Server editions). The root cause is a memory corruption vulnerability in ...

8.2CVSS8.5AI score0.10929EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.1258 views

CVE-2017-0147

CVE-2017-0147 affects the SMBv1 server in multiple Windows platforms, where remote attackers can obtain sensitive information from process memory via crafted SMB packets. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012, ...

7.5CVSS5.7AI score0.99693EPSS
In wild
CVE
CVE
added 2016/03/09 11:0 a.m.1175 views

CVE-2016-0099

CVE-2016-0099 corresponds to the Windows “Secondary Logon Handle Privilege Escalation” issue. The Secondary Logon Service fails to properly process request handles, enabling local attackers to gain elevated privileges. Publicly documented in multiple sources as MS16-032, with Metasploit/Ms16-032-...

7.8CVSS7.5AI score0.37164EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.1172 views

CVE-2016-3309

CVE-2016-3309 is a Windows kernel Win32k elevation-of-privilege vulnerability. A local attacker could gain SYSTEM privileges by exploiting a pool/handle-management issue in win32k, enabling code execution in kernel mode. Connected sources document an exploit (win32kfull!bFill pool overflow) and i...

7.8CVSS7.5AI score0.20625EPSS
In wild
CVE
CVE
added 2016/11/10 6:16 a.m.1139 views

CVE-2016-7255

CVE-2016-7255 is a Windows kernel privilege-escalation issue affecting win32k.sys. The CVE arises from a local attacker crafting an exploit against a Win32k component, enabling elevation to SYSTEM via the NtSetWindowLongPtr path in win32k.sys (MS16-135). Public exploitation materials in Exploit D...

7.8CVSS7.6AI score0.80968EPSS
In wild
CVE
CVE
added 2013/11/06 11:0 a.m.1138 views

CVE-2013-3906

CVE-2013-3906 is a memory corruption vulnerability in Microsoft Windows Graphics Component (TIFF handling) that could allow remote code execution. It affected GDI+ in Windows Vista SP2/Server 2008 SP2 and Office suites (Office 2003 SP3, 2007 SP3, 2010 SP1/SP2, Office Compatibility Pack SP3) and L...

9.3CVSS9.4AI score0.84971EPSS
In wild
CVE
CVE
added 2012/04/10 9:0 p.m.1127 views

CVE-2012-0151

CVE-2012-0151 : A vulnerability in the Windows Authenticode Signature Verification (WinVerifyTrust) function (affecting Windows XP SP2/XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 Consumer Preview) fails to properly validate the dige...

9.3CVSS5.8AI score0.8878EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.1120 views

CVE-2017-0001

CVE-2017-0001 is a Windows Graphics Device Interface (GDI) local privilege escalation affecting multiple Windows platforms (Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8.1, 2012 Gold/R2, RT 8.1, and newer Windows 10 builds). The description states that a crafted application can allow local users to...

7.8CVSS6.2AI score0.03114EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.1083 views

CVE-2017-0005

Technical details (affected product/version, root cause, fix) are not provided in the supplied documents; public details are high-level. Monitor for updates from official advisories and CVE feeds.

7.8CVSS6.2AI score0.11022EPSS
In wild
CVE
CVE
added 2014/10/22 2:0 p.m.1066 views

CVE-2014-6352

CVE-2014-6352 is an OLE remote code execution vulnerability in Microsoft Windows where a crafted OLE object can trigger arbitrary code execution. The issue affected Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2008/2012 variants, and Windows RT, with public exploitation reporte...

9.3CVSS7.6AI score0.77553EPSS
In wildWeb
CVE
CVE
added 2010/12/03 8:0 p.m.1058 views

CVE-2010-4398

CVE-2010-4398 is a stack-based buffer overflow in win32k.sys (RtlQueryRegistryValues) that enables local privilege escalation and UAC bypass across multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7). The vulnerability is triggered by a craft...

7.8CVSS6.8AI score0.08661EPSS
In wild
CVE
CVE
added 2016/02/10 11:0 a.m.1055 views

CVE-2016-0040

CVE-2016-0040 is a Windows kernel privilege-escalation vulnerability (uninitialized-pointer issue) exploited locally on NT kernel surfaces. Public materials show a PoC/PoC-like exploit (MS16-014) overwriting kernel objects to gain SYSTEM/root privileges (e.g., ntoskrnl/Win32k surface). Exploit-DB...

7.8CVSS7.3AI score0.24554EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.1054 views

CVE-2017-0101

CVE-2017-0101 affects Windows kernel Transaction Manager, where kernel-mode drivers improperly handle memory, enabling local privilege escalation to SYSTEM via crafted apps. Affected platforms span Vista SP2 through Windows 10 1607 and corresponding Server editions. Public exploit code exists (Ex...

7.8CVSS6.2AI score0.57482EPSS
In wild
CVE
CVE
added 2013/05/24 8:0 p.m.1052 views

CVE-2013-3660

CVE-2013-3660 describes a local privilege-escalation in Microsoft Windows via Win32k.sys (EPATHOBJ::pprFlattenRec) where a pointer for the next object in a PATHREC list is not properly initialized. According to the CVE description and linked documents, local users could gain write access to the P...

7.8CVSS6.5AI score0.39578EPSS
In wild
CVE
CVE
added 2016/05/11 1:0 a.m.1052 views

CVE-2016-0185

CVE-2016-0185 affects Windows Media Center on Vista SP2, Windows 7 SP1, and Windows 8.1. The vulnerability allows remote code execution when a user opens a specially crafted Media Center link (.mcl) file. Root cause: Windows Media Center mishandles paths in the Run parameter of the Application ta...

9.3CVSS7.9AI score0.6994EPSS
In wildWeb
CVE
CVE
added 2016/11/10 6:16 a.m.1044 views

CVE-2016-7256

CVE-2016-7256 is a remote code execution vulnerability in atmfd.dll, the Windows font library, affecting multiple Windows releases (Vista‑through‑Server 2016/Win10 1511–1607). It allows an attacker to execute arbitrary code by visiting a crafted web page that leverages specially embedded fonts du...

9.3CVSS8.8AI score0.64835EPSS
In wild
CVE
CVE
added 2015/04/21 10:0 a.m.1021 views

CVE-2015-1701

CVE-2015-1701 is a Win32k.sys kernel-mode privilege-escalation flaw affecting Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2. The issue stems from improper handling within win32k, notably around the ClientCopyImage/SetWindowLongPtr path, enabling a crafted user-mode input to execute code...

7.8CVSS7.3AI score0.562EPSS
In wild
CVE
CVE
added 2009/06/10 6:0 p.m.1014 views

CVE-2009-1123

CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...

7.8CVSS6.2AI score0.04918EPSS
In wild
CVE
CVE
added 2014/10/15 10:0 a.m.1007 views

CVE-2014-4113

CVE-2014-4113 corresponds to a Windows kernel-win32k.sys local privilege escalation (MS14-058) affecting multiple Windows editions (e.g., Windows 7/8/8.1 and corresponding server variants). The vulnerability arises in win32k.sys kernel-mode drivers and allows a crafted user-mode application to ga...

7.8CVSS8AI score0.87042EPSS
In wild
CVE
CVE
added 2014/10/15 10:0 a.m.983 views

CVE-2014-4114

CVE-2014-4114 is the Windows OLE Remote Code Execution vulnerability exploited via a crafted OLE object embedded in a Office document. Affected products include Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold and R2, and Windows RT Gol...

9.3CVSS9.5AI score0.81628EPSS
In wild
CVE
CVE
added 2015/01/13 10:0 p.m.940 views

CVE-2015-0016

The CVE-2015-0016 issue corresponds to a directory traversal elevation-of-privilege vulnerability in the TS WebProxy (TSWbPrxy) component affecting multiple Windows versions (Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8/8.1, Windows Server 2012/2012 R2, Windows RT/8.1). The und...

9.3CVSS6.8AI score0.7594EPSS
In wild
CVE
CVE
added 2014/10/15 10:0 a.m.934 views

CVE-2014-4148

CVE-2014-4148 is a remote code execution vulnerability in Windows kernel-mode driver win32k.sys caused by improper handling of TrueType fonts. It affects multiple Windows versions (server 2003 SP2, Vista, 2008, 7, 8/8.1, Server 2012) and is referenced publicly as MS14-058. Public exploitation exi...

9.3CVSS7.9AI score0.50703EPSS
In wild
CVE
CVE
added 2015/08/15 12:0 a.m.933 views

CVE-2015-1769

CVE-2015-1769 is a Windows privilege-escalation issue in the Mount Manager where symbolic link handling can be abused by inserting a malicious USB device. The vulnerability affects multiple Windows client/server releases (Vista SP2, 2008 SP2/R2, 7 SP1, 8/8.1, 2012/2012 R2, RT/RT 8.1, 10) and is c...

7.2CVSS7.3AI score0.04339EPSS
In wild
CVE
CVE
added 2015/07/14 10:0 p.m.926 views

CVE-2015-2387

CVE-2015-2387 discusses a local privilege-escalation in the ATMFD.DLL component of the Windows Adobe Type Manager Font Driver. Concrete details from connected sources show multiple OTF/TTF vulnerabilities in ATMFD.DLL (and related font subsystems) that allowed memory corruption via crafted font d...

7.8CVSS6.2AI score0.3512EPSS
In wild
CVE
CVE
added 2015/07/20 6:0 p.m.925 views

CVE-2015-2426

CVE-2015-2426 is a Windows OpenType Font Driver vulnerability (ATMFD.DLL) that causes a pool/heap overflow when processing OpenType fonts, allowing remote code execution. The issue arises from a flawed handling of font data (notably the Class1Count field in the GPOS/CFF paths) where an invalid ze...

9.3CVSS7.4AI score0.8669EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.913 views

CVE-2016-3393

CVE-2016-3393 affects the Graphics Device Interface (GDI/GDI+) in Windows, where improper handling of memory objects in the GDI component can enable remote code execution. The vulnerability impacts multiple Windows editions (Vista through Windows 10 variants listed in the CVE description) and is ...

9.3CVSS7.8AI score0.68684EPSS
In wild
CVE
CVE
added 2015/06/10 1:0 a.m.896 views

CVE-2015-2360

CVE-2015-2360 is a local privilege-escalation in Windows kernel-mode driver Win32k.sys affecting multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The underlying issue is in Win32k.sys that allows crafted a...

8.8CVSS6.5AI score0.14958EPSS
In wild
CVE
CVE
added 2016/10/14 1:0 a.m.894 views

CVE-2016-3298

CVE-2016-3298 affects Microsoft Internet Explorer 9–11 and the Internet Messaging API on Windows (Vista/7/Server 2008 R2 family). The root cause is improper handling of objects in memory, enabling a crafted web site to disclose whether arbitrary files exist on disk (information disclosure). The v...

6.5CVSS5.4AI score0.3279EPSS
In wild
CVE
CVE
added 2014/11/11 10:0 p.m.878 views

CVE-2014-4077

CVE-2014-4077: Microsoft IME (Japanese) privilege escalation via IMJPDCT.EXE, allowing sandbox bypass when processing crafted PDF files. Affected: Windows XP/Vista/2003/2008/7 with Office 2007/2010/2013 suites; exploited in the wild (2014). Mitigation: apply MS14-078 updates. Connected sources co...

9.3CVSS8.4AI score0.47679EPSS
In wild
CVE
CVE
added 2011/12/30 1:0 a.m.871 views

CVE-2011-3416

CVE-2011-3416 affects Microsoft .NET Framework's ASP.NET Forms Authentication, allowing remote authenticated users to obtain access to arbitrary user accounts via a crafted username. Affected: .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. The issue is addressed by MS11-100; vulnerable...

8.5CVSS6AI score0.45576EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.716 views

CVE-2009-3103

CVE-2009-3103 affects SMBv2 in srv2.sys on Windows Vista (Gold, SP1, SP2), Windows Server 2008 (Gold, SP2), and Windows 7 RC. Description and NSE/script references describe an out-of-bounds/array indexing issue in the SMB Negotiation protocol handling (ProcessID High header) that can allow remote...

10CVSS9.4AI score0.90121EPSS
CVE
CVE
added 2008/10/23 9:0 p.m.679 views

CVE-2008-4250

The CVE-2008-4250 issue is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer/overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...

10CVSS9.5AI score0.98751EPSS
In wild
CVE
CVE
added 2008/10/20 5:0 p.m.526 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

7.1CVSS8.8AI score0.32123EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.515 views

CVE-2016-0165

CVE-2016-0165 is a Windows kernel-mode privilege-escalation issue affecting the Win32k subsystem (win32k.sys). The vulnerability allows a local attacker to gain higher privileges by exploiting how memory/objects are handled in the kernel, as described in CNVD-2016-02281. Affected products include...

7.8CVSS6.8AI score0.13841EPSS
In wild
CVE
CVE
added 2016/04/12 11:0 p.m.488 views

CVE-2016-0128

Technical details about CVE-2016-0128 are not provided in the connected documents. The initial description mentions Badlock affecting Windows SAM/LSAD, but no explicit exploit vectors, affected products, or fixes are given here. Monitor for updates.

6.8CVSS6.4AI score0.20877EPSS
CVE
CVE
added 2012/03/13 9:0 p.m.357 views

CVE-2012-0002

CVE-2012-0002 is a Remote Desktop Protocol memory-processing vulnerability in affected Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1). The flaw permits remote code execution by sending specially crafted RDP packets tha...

9.3CVSS9.5AI score0.74102EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.354 views

CVE-2017-0055

CVE-2017-0055 refers to a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Internet Information Services (IIS). The issue affects IIS on multiple Windows platforms (Vista through Windows Server 2016) and allows a remote attacker to craft a request that can execute scri...

6.1CVSS5.4AI score0.16369EPSS
CVE
CVE
added 2011/11/08 9:0 p.m.327 views

CVE-2011-2016

CVE-2011-2016 describes an untrusted search path vulnerability in Windows Mail and Windows Meeting Space, affecting Windows Vista SP2, Windows Server 2008 SP2, R2 and R2 SP1, and Windows 7 (Gold and SP1). The root cause is loading a Trojan horse DLL from the current working directory when opening...

9.3CVSS6.4AI score0.08103EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.270 views

CVE-2009-2524

CVE-2009-2524 refers to an Integer Overflow in LSASS during NTLM authentication in multiple Windows versions. A malformed NTLM packet can cause LSASS to crash and reboot the host, i.e., a denial-of-service condition. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows ...

7.8CVSS6.5AI score0.2847EPSS
CVE
CVE
added 2016/04/12 11:0 p.m.264 views

CVE-2016-0143

CVE-2016-0143 is a Windows Win32k Privilege Escalation vulnerability in the kernel-mode driver (win32k.sys) affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8.1, 2012, RT 8.1, Windows 10 Gold/1511). Root cause: improper handling of objects in memory within the Wi...

7.8CVSS6.8AI score0.03596EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.261 views

CVE-2017-0025

Technical details such as affected products, vulnerable components, impact, and remediation for CVE-2017-0025 are not provided in the connected documents; no publicly disclosed specifics are included here. Monitor for updates.

7.8CVSS6.2AI score0.01835EPSS
In wild
CVE
CVE
added 2016/08/09 9:0 p.m.260 views

CVE-2016-3308

Technical details for CVE-2016-3308 are not publicly available in the provided documents; monitor for updates.

7.8CVSS7.5AI score0.06418EPSS
In wild
CVE
CVE
added 2017/03/17 12:0 a.m.254 views

CVE-2017-0047

Technical details about CVE-2017-0047 are not provided in the connected documents. Public information in the Initial Description is limited to an overview; monitor for updates.

7.8CVSS6.2AI score0.01858EPSS
In wild
CVE
CVE
added 2015/02/11 2:0 a.m.237 views

CVE-2015-0008

CVE-2015-0008 affects Windows clients/servers (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1) where UNC-based policy data transfers during Group Policy processing allow remote code execution due to lack of server-to-client authentication. The...

8.3CVSS8.1AI score0.2858EPSS
Web
CVE
CVE
added 2011/04/13 6:0 p.m.235 views

CVE-2011-0657

CVE-2011-0657 affects the DNSAPI.dll DNS client in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 SP1). Root cause: improper processing of DNS queries by the DNS client, enabling remote attackers to run arbitrary code via (1) a crafted L...

9.8CVSS7.6AI score0.63335EPSS
Total number of security vulnerabilities827