Lucene search

K
MicrosoftWindows Vista

828 matches found

CVE
CVE
added 2010/08/11 6:47 p.m.87 views

CVE-2010-2551

The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SM...

7.8CVSS6.4AI score0.66186EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.87 views

CVE-2015-2435

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, a...

9.3CVSS7.4AI score0.33527EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.87 views

CVE-2015-2506

atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a c...

9.3CVSS6.4AI score0.23431EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.87 views

CVE-2016-0168

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Informati...

6.5CVSS5.9AI score0.68305EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.87 views

CVE-2017-0063

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASL...

6.5CVSS5.4AI score0.21453EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.87 views

CVE-2017-0118

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a craft...

4.3CVSS4.5AI score0.13744EPSS
CVE
CVE
added 2007/03/30 8:19 p.m.86 views

CVE-2007-0038

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, whic...

9.3CVSS7.8AI score0.90084EPSS
CVE
CVE
added 2008/09/11 1:11 a.m.86 views

CVE-2008-3014

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital ...

9.3CVSS7.8AI score0.71547EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.86 views

CVE-2010-0239

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Rout...

10CVSS7.6AI score0.66839EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.86 views

CVE-2015-2432

ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, ...

9.3CVSS7.5AI score0.49945EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.86 views

CVE-2016-0195

The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Imaging Componen...

9.3CVSS8.6AI score0.2636EPSS
CVE
CVE
added 2016/07/13 1:59 a.m.86 views

CVE-2016-3252

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.3CVSS7AI score0.02653EPSS
CVE
CVE
added 2016/10/14 2:59 a.m.86 views

CVE-2016-3263

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync ...

5.5CVSS6AI score0.19061EPSS
CVE
CVE
added 2016/10/14 2:59 a.m.86 views

CVE-2016-3266

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privi...

10CVSS7AI score0.20897EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.86 views

CVE-2016-3375

The OLE Automation mechanism and VBScript scripting engine in Microsoft Internet Explorer 9 through 11, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow remote attackers to e...

7.6CVSS7.6AI score0.26763EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.86 views

CVE-2017-0074

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "H...

5.4CVSS5.2AI score0.00651EPSS
CVE
CVE
added 2007/02/23 2:28 a.m.85 views

CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that d...

4.6CVSS6.1AI score0.00418EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.85 views

CVE-2015-2455

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, S...

9.3CVSS7.3AI score0.57455EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.85 views

CVE-2016-0171

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.8CVSS7.5AI score0.04066EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.85 views

CVE-2016-0184

Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Direct3D U...

9.3CVSS8.7AI score0.22391EPSS
CVE
CVE
added 2016/11/10 6:59 a.m.85 views

CVE-2016-3340

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted appl...

9.3CVSS7.5AI score0.1385EPSS
CVE
CVE
added 2016/11/10 6:59 a.m.85 views

CVE-2016-7184

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted appl...

9.3CVSS7.5AI score0.1385EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.85 views

CVE-2017-0076

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "H...

5.4CVSS5.2AI score0.00651EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.85 views

CVE-2017-0097

Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "H...

5.4CVSS5.2AI score0.00651EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.85 views

CVE-2017-0119

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-...

4.3CVSS4.5AI score0.13744EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.84 views

CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers ...

10CVSS7.5AI score0.61275EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.83 views

CVE-2009-0091

Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Fr...

9.3CVSS7.2AI score0.3731EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.83 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS
CVE
CVE
added 2014/02/12 4:50 a.m.83 views

CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to by...

7.1CVSS6.3AI score0.3746EPSS
CVE
CVE
added 2015/08/15 12:59 a.m.83 views

CVE-2015-2456

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, S...

9.3CVSS7.3AI score0.57455EPSS
CVE
CVE
added 2016/08/09 9:59 p.m.83 views

CVE-2016-3299

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container prote...

5.3CVSS7AI score0.07344EPSS
CVE
CVE
added 2016/11/10 6:59 a.m.83 views

CVE-2016-7218

Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a cr...

4.7CVSS5AI score0.01428EPSS
CVE
CVE
added 2016/12/20 6:59 a.m.83 views

CVE-2016-7219

The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, a...

5.5CVSS5.4AI score0.01469EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.83 views

CVE-2017-0083

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2...

9.3CVSS7.4AI score0.67088EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.83 views

CVE-2017-0113

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-...

4.3CVSS4.5AI score0.13744EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.82 views

CVE-2010-3338

The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOT...

7.2CVSS6.2AI score0.44756EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.82 views

CVE-2011-0661

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a ...

10CVSS7.6AI score0.63002EPSS
CVE
CVE
added 2011/12/30 1:55 a.m.82 views

CVE-2011-3417

The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka ...

9.3CVSS6.5AI score0.64978EPSS
CVE
CVE
added 2014/03/12 5:15 a.m.82 views

CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for r...

5.4CVSS6.5AI score0.09151EPSS
CVE
CVE
added 2015/12/09 11:59 a.m.82 views

CVE-2015-6107

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10 Gold and 1511, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, ...

9.3CVSS7.5AI score0.52287EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.82 views

CVE-2016-0152

Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."

7.8CVSS7.8AI score0.05015EPSS
CVE
CVE
added 2016/05/11 1:59 a.m.82 views

CVE-2016-0180

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Ker...

7.8CVSS7.3AI score0.01498EPSS
CVE
CVE
added 2017/03/17 12:59 a.m.82 views

CVE-2017-0089

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2...

9.3CVSS7.4AI score0.67088EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.81 views

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project...

9.3CVSS9.7AI score0.46054EPSS
CVE
CVE
added 2016/07/13 1:59 a.m.81 views

CVE-2016-3254

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.8CVSS7AI score0.02653EPSS
CVE
CVE
added 2016/12/20 6:59 a.m.81 views

CVE-2016-7259

The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a cra...

7.8CVSS7.4AI score0.00753EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.80 views

CVE-2010-2552

Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."

7.8CVSS6.4AI score0.68306EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.80 views

CVE-2010-2739

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operati...

7.2CVSS7.6AI score0.00927EPSS
CVE
CVE
added 2015/11/11 11:59 a.m.80 views

CVE-2015-2478

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application that triggers a Winsock call referencing an i...

7.2CVSS6.5AI score0.02965EPSS
CVE
CVE
added 2015/09/09 12:59 a.m.80 views

CVE-2015-2510

Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a craft...

9.3CVSS7.7AI score0.72229EPSS
Total number of security vulnerabilities828