Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0522 | 2 Adobe, Microsoft | 5 Air, Flash Player, Flash Player For Linux and 2 more | 2017-09-28 | 4.3 MEDIUM | N/A |
| Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | |||||
| CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2017-09-28 | 5.4 MEDIUM | N/A |
| Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | |||||
| CVE-2008-4323 | 1 Microsoft | 1 Windows Xp | 2017-09-28 | 4.3 MEDIUM | N/A |
| Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | |||||
| CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2017-09-28 | 6.8 MEDIUM | N/A |
| Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
| CVE-2008-4510 | 1 Microsoft | 1 Windows Vista | 2017-09-28 | 4.9 MEDIUM | N/A |
| Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | |||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2017-09-28 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | |||||
| CVE-2008-4922 | 2 Djvu, Microsoft | 2 Activex Control For Microsoft Office 2000, Office | 2017-09-28 | 9.3 HIGH | N/A |
| Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties. | |||||
| CVE-2008-5180 | 1 Microsoft | 1 Office Communicator | 2017-09-28 | 5.0 MEDIUM | N/A |
| Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | |||||
| CVE-2008-2161 | 2 Microsoft, Tftp | 2 All Windows, Tftp Server Sp | 2017-09-28 | 10.0 HIGH | N/A |
| Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2244 | 1 Microsoft | 1 Office Word | 2017-09-28 | 9.3 HIGH | N/A |
| Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | |||||
| CVE-2008-2463 | 1 Microsoft | 1 Office Snapshot Viewer Activex | 2017-09-28 | 6.8 MEDIUM | N/A |
| The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2959 | 1 Microsoft | 1 Visual Basic Enterprise Edition | 2017-09-28 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. | |||||
| CVE-2008-0235 | 1 Microsoft | 1 Vfp Ole Server Activex Control | 2017-09-28 | 10.0 HIGH | N/A |
| The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. | |||||
| CVE-2008-0470 | 2 Comodo, Microsoft | 2 Comodo Antivirus, Activex | 2017-09-28 | 9.3 HIGH | N/A |
| A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. | |||||
| CVE-2008-0236 | 1 Microsoft | 1 Visual Foxpro | 2017-09-28 | 5.8 MEDIUM | N/A |
| An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. | |||||
| CVE-2008-0551 | 2 Microsoft, Sejoong Namo | 2 Activex, Activesquare | 2017-09-28 | 9.3 HIGH | N/A |
| The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0437 | 2 Hp, Microsoft | 2 Virtual Rooms, Activex | 2017-09-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2017-09-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||||
| CVE-2008-0392 | 1 Microsoft | 1 Visual Basic | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. | |||||
| CVE-2008-0379 | 2 Businessobjects, Microsoft | 2 Crystal Reports Xi, Activex | 2017-09-28 | 9.3 HIGH | N/A |
| Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | |||||