Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 7
Total 3056 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3404 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-03-01 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."
CVE-2011-2019 1 Microsoft 3 Internet Explorer, Windows 7, Windows Server 2008 2022-03-01 9.3 HIGH N/A
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
CVE-2011-1992 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-03-01 4.3 MEDIUM N/A
The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
CVE-2011-2000 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."
CVE-2011-1999 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
CVE-2011-1998 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."
CVE-2011-1996 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
CVE-2011-1995 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."
CVE-2011-1993 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."
CVE-2011-1960 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
CVE-2011-1964 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."
CVE-2011-1963 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."
CVE-2011-1962 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
CVE-2011-1961 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
CVE-2011-1257 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 7.6 HIGH N/A
Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."
CVE-2011-1266 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
The Vector Markup Language (VML) implementation in vgx.dll in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "VML Memory Corruption Vulnerability."
CVE-2011-1262 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruption Vulnerability."
CVE-2011-1261 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Selection Object Memory Corruption Vulnerability."
CVE-2011-1258 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability."
CVE-2011-1256 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2022-02-28 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "DOM Modification Memory Corruption Vulnerability."