Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0250 | 1 Microsoft | 1 Visual Interdev | 2017-09-28 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line. | |||||
| CVE-2008-0237 | 1 Microsoft | 1 Rich Textbox Control | 2017-09-28 | 6.8 MEDIUM | N/A |
| The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. | |||||
| CVE-2008-1709 | 1 Microsoft | 1 Visual Interdev | 2017-09-28 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250. | |||||
| CVE-2008-0304 | 3 Linux, Microsoft, Mozilla | 4 Linux Kernel, Windows, Seamonkey and 1 more | 2017-09-28 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | |||||
| CVE-2007-4336 | 1 Microsoft | 1 Directx Media | 2017-09-28 | 4.3 MEDIUM | N/A |
| Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. | |||||
| CVE-2007-4254 | 1 Microsoft | 2 Visual Database Tools Database Designer, Visual Studio | 2017-09-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127. | |||||
| CVE-2007-6387 | 3 Intuit, Microsoft, Vantage Linquistics | 8 Bookkeeping, Proseries, Quickbooks and 5 more | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3956 | 2 Microsoft, Teamspeak | 2 All Windows, Web Server | 2017-09-28 | 7.8 HIGH | N/A |
| TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534. | |||||
| CVE-2007-5322 | 1 Microsoft | 1 Visual Foxpro | 2017-09-28 | 7.5 HIGH | N/A |
| Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. | |||||
| CVE-2007-4890 | 1 Microsoft | 1 Visual Studio | 2017-09-28 | 5.8 MEDIUM | N/A |
| Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method. | |||||
| CVE-2007-4891 | 1 Microsoft | 1 Visual Studio | 2017-09-28 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. | |||||
| CVE-2007-6236 | 1 Microsoft | 1 Windows Media Player | 2017-09-28 | 5.0 MEDIUM | N/A |
| Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff. | |||||
| CVE-2007-4776 | 1 Microsoft | 1 Visual Basic | 2017-09-28 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability. | |||||
| CVE-2007-3490 | 1 Microsoft | 1 Excel | 2017-09-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls. | |||||
| CVE-2017-6271 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | |||||
| CVE-2017-6277 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-6268 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-6270 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | |||||
| CVE-2017-0022 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2017-09-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." | |||||
| CVE-2017-0170 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2017-09-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | |||||