Total
2596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0176 | 1 Microsoft | 1 Silverlight | 2018-10-12 | 9.3 HIGH | N/A |
Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." | |||||
CVE-2012-0159 | 1 Microsoft | 7 Office, Silverlight, Windows 7 and 4 more | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | |||||
CVE-2012-0142 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." | |||||
CVE-2011-1983 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability." | |||||
CVE-2011-1986 | 1 Microsoft | 1 Excel | 2018-10-12 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability." | |||||
CVE-2011-0977 | 1 Microsoft | 1 Excel | 2018-10-12 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability." | |||||
CVE-2010-3217 | 1 Microsoft | 1 Word | 2018-10-12 | 9.3 HIGH | N/A |
Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." | |||||
CVE-2010-1889 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2018-10-12 | 7.2 HIGH | N/A |
Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability." | |||||
CVE-2010-0242 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2018-10-12 | 7.8 HIGH | N/A |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability." | |||||
CVE-2009-3103 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2018-10-12 | 10.0 HIGH | N/A |
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0560 | 1 Microsoft | 6 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 3 more | 2018-10-12 | 9.3 HIGH | N/A |
Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability." | |||||
CVE-2009-0562 | 1 Microsoft | 3 Isa Server, Office, Office Web Components | 2018-10-12 | 9.3 HIGH | N/A |
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." | |||||
CVE-2008-4844 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008. | |||||
CVE-2009-0102 | 1 Microsoft | 3 Office Project, Project Portfolio Server, Project Server | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." | |||||
CVE-2009-0100 | 1 Microsoft | 4 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." | |||||
CVE-2009-0098 | 1 Microsoft | 1 Exchange Server | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | |||||
CVE-2009-0097 | 1 Microsoft | 1 Visio | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | |||||
CVE-2009-0096 | 1 Microsoft | 1 Visio | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." | |||||
CVE-2009-0095 | 1 Microsoft | 1 Visio | 2018-10-12 | 9.3 HIGH | N/A |
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." | |||||
CVE-2008-4268 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2018-10-12 | 8.5 HIGH | N/A |
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." |