Lucene search

K

594 matches found

CVE
CVE
added 2009/07/29 5:30 p.m.57 views

CVE-2009-1919

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted obj...

9.3CVSS7.5AI score0.60976EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.57 views

CVE-2009-2525

Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted...

9.3CVSS7.4AI score0.38234EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.57 views

CVE-2009-2530

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...

9.3CVSS7.2AI score0.42147EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.57 views

CVE-2010-0250

Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 200...

9.3CVSS7.9AI score0.71235EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.57 views

CVE-2010-0807

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.59668EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.57 views

CVE-2010-3941

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulner...

8.4CVSS6.3AI score0.03471EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.57 views

CVE-2011-1877

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, ...

7.2CVSS6.4AI score0.00331EPSS
CVE
CVE
added 2011/10/12 2:52 a.m.57 views

CVE-2011-2002

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font T...

4.7CVSS6.1AI score0.00468EPSS
CVE
CVE
added 2011/10/12 2:52 a.m.57 views

CVE-2011-2011

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages i...

7.2CVSS6.4AI score0.00425EPSS
CVE
CVE
added 2013/03/13 12:55 a.m.57 views

CVE-2013-1286

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to e...

7.2CVSS7.2AI score0.00522EPSS
CVE
CVE
added 2013/07/10 3:46 a.m.57 views

CVE-2013-1340

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privi...

8.4CVSS6.4AI score0.0035EPSS
CVE
CVE
added 2015/04/14 8:59 p.m.57 views

CVE-2015-1645

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."

9.3CVSS8AI score0.41007EPSS
CVE
CVE
added 2016/09/14 10:59 a.m.57 views

CVE-2016-3355

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "GDI Elevatio...

7.8CVSS7.5AI score0.01463EPSS
CVE
CVE
added 2008/04/08 11:5 p.m.56 views

CVE-2008-1084

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is...

7.2CVSS6.8AI score0.11557EPSS
CVE
CVE
added 2008/07/08 11:41 p.m.56 views

CVE-2008-1435

Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."

9.3CVSS6.9AI score0.50685EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.56 views

CVE-2009-1126

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vu...

7.2CVSS6.3AI score0.00627EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.56 views

CVE-2010-0489

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."

9.3CVSS7.3AI score0.32817EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.56 views

CVE-2010-1893

Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."

6.8CVSS6.8AI score0.00637EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.56 views

CVE-2010-3940

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer D...

7.2CVSS6.4AI score0.03833EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.56 views

CVE-2010-3943

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigg...

7.2CVSS6.4AI score0.02125EPSS
CVE
CVE
added 2011/06/16 8:55 p.m.56 views

CVE-2011-1267

The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."

7.8CVSS6.5AI score0.42911EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.56 views

CVE-2011-1880

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00914EPSS
CVE
CVE
added 2011/12/14 12:55 a.m.56 views

CVE-2011-3408

Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process de...

7.2CVSS6.5AI score0.00237EPSS
CVE
CVE
added 2012/02/14 10:55 p.m.56 views

CVE-2012-0154

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers ke...

7.2CVSS6.4AI score0.01415EPSS
CVE
CVE
added 2013/02/13 12:4 p.m.56 views

CVE-2013-1255

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel ...

4.9CVSS6.4AI score0.00434EPSS
CVE
CVE
added 2013/04/09 10:55 p.m.56 views

CVE-2013-1295

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."

7.2CVSS6.5AI score0.00366EPSS
CVE
CVE
added 2013/05/15 3:36 a.m.56 views

CVE-2013-1334

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privi...

7.2CVSS6.4AI score0.0132EPSS
CVE
CVE
added 2014/10/15 10:55 a.m.56 views

CVE-2014-4115

fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by conne...

7.2CVSS7.6AI score0.00831EPSS
CVE
CVE
added 2015/07/14 10:59 p.m.56 views

CVE-2015-2364

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that lev...

7.2CVSS6.3AI score0.01333EPSS
CVE
CVE
added 2016/02/10 11:59 a.m.56 views

CVE-2016-0048

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.8CVSS7.6AI score0.00581EPSS
CVE
CVE
added 2016/03/09 11:59 a.m.56 views

CVE-2016-0096

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vu...

7.8CVSS7.5AI score0.16673EPSS
CVE
CVE
added 2008/12/10 2:0 p.m.55 views

CVE-2008-3465

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, whic...

9.8CVSS7.8AI score0.41365EPSS
CVE
CVE
added 2010/09/15 7:0 p.m.55 views

CVE-2010-0820

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Activ...

9CVSS7.8AI score0.28288EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.55 views

CVE-2010-2553

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

9.3CVSS7.3AI score0.74679EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.55 views

CVE-2011-0662

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.00623EPSS
CVE
CVE
added 2011/04/13 8:26 p.m.55 views

CVE-2011-1238

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.00623EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.55 views

CVE-2011-1284

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cau...

7.2CVSS6.8AI score0.01181EPSS
CVE
CVE
added 2013/02/13 12:4 p.m.55 views

CVE-2013-1248

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequ...

4.9CVSS6.4AI score0.00434EPSS
CVE
CVE
added 2013/05/15 3:36 a.m.55 views

CVE-2013-1332

dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privilege...

7.2CVSS6.3AI score0.01218EPSS
CVE
CVE
added 2015/07/14 10:59 p.m.55 views

CVE-2015-2416

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low...

5CVSS6.9AI score0.16073EPSS
CVE
CVE
added 2015/07/14 10:59 p.m.55 views

CVE-2015-2417

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low...

5CVSS6.9AI score0.16073EPSS
CVE
CVE
added 2007/12/12 12:46 a.m.54 views

CVE-2007-5351

Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."

10CVSS7.2AI score0.48048EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.54 views

CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts...

6.8CVSS7.2AI score0.02418EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.54 views

CVE-2010-1896

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted appli...

8.4CVSS6.2AI score0.01055EPSS
CVE
CVE
added 2011/04/13 8:26 p.m.54 views

CVE-2011-0677

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00827EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.54 views

CVE-2011-1888

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs...

7.2CVSS6.3AI score0.01048EPSS
CVE
CVE
added 2013/02/13 12:4 p.m.54 views

CVE-2013-1249

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequ...

4.9CVSS6.4AI score0.00434EPSS
CVE
CVE
added 2016/03/09 11:59 a.m.54 views

CVE-2016-0087

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

7.8CVSS7.6AI score0.01576EPSS
CVE
CVE
added 2007/03/20 8:19 p.m.53 views

CVE-2007-1531

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

5CVSS6.3AI score0.49398EPSS
CVE
CVE
added 2008/03/24 10:44 p.m.53 views

CVE-2008-0951

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an ...

9.3CVSS7.3AI score0.55653EPSS
Total number of security vulnerabilities594