Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Vista
Total 1338 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0843 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more 2021-08-09 4.6 MEDIUM N/A
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
CVE-2016-3376 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2021-08-05 9.3 HIGH 7.8 HIGH
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.
CVE-2010-3243 1 Microsoft 8 Internet Explorer, Sharepoint Server, Sharepoint Services and 5 more 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
CVE-2010-3327 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."
CVE-2010-3325 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
CVE-2011-0036 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to a "dangling pointer," aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035.
CVE-2012-1879 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."
CVE-2011-0248 2 Apple, Microsoft 5 Quicktime, Internet Explorer, Windows 7 and 2 more 2021-07-23 9.3 HIGH N/A
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.
CVE-2010-3328 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2011-1260 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability."
CVE-2012-1523 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."
CVE-2012-1880 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."
CVE-2010-1262 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
CVE-2010-1260 1 Microsoft 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more 2021-07-23 9.3 HIGH N/A
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
CVE-2011-0035 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036.
CVE-2010-1259 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-3329 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2011-1252 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
CVE-2009-1532 1 Microsoft 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
CVE-2010-1258 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."