Windows Vista Security Vulnerabilities and Issues — Windows Vista CVE List

Lucene search

MicrosoftWindows Vista

10 matches found

CVE•added 2010/03/10 10:30 p.m.•158 views

CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, a...

9.3CVSS7.3AI score0.91165EPSS

CVE•added 2010/03/31 7:30 p.m.•68 views

CVE-2010-0492

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability....

9.3CVSS7.5AI score0.59559EPSS

CVE•added 2010/03/31 7:30 p.m.•64 views

CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerab...

9.3CVSS7.6AI score0.63927EPSS

CVE•added 2010/03/31 7:30 p.m.•60 views

CVE-2010-0488

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."

6.5CVSS5.9AI score0.09851EPSS

CVE•added 2010/03/31 7:30 p.m.•60 views

CVE-2010-0490

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...

9.3CVSS7.6AI score0.59668EPSS

CVE•added 2010/03/31 7:30 p.m.•58 views

CVE-2010-0494

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another...

4.3CVSS5.4AI score0.46282EPSS

CVE•added 2010/03/31 7:30 p.m.•57 views

CVE-2010-0807

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.59668EPSS

CVE•added 2010/03/31 7:30 p.m.•56 views

CVE-2010-0489

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."

9.3CVSS7.3AI score0.32817EPSS

CVE•added 2010/03/24 10:44 p.m.•48 views

CVE-2010-1098

The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.

7.1CVSS6.6AI score0.30467EPSS

CVE•added 2010/03/10 10:30 p.m.•44 views

CVE-2010-0265

Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."

9.3CVSS7.7AI score0.69314EPSS