Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 14401 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32461 2 Microsoft, Trendmicro 2 Windows, Password Manager 2021-07-23 7.2 HIGH 7.8 HIGH
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-32462 2 Microsoft, Trendmicro 2 Windows, Password Manager 2021-07-23 9.0 HIGH 8.8 HIGH
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.
CVE-2021-1051 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2021-07-23 6.6 MEDIUM 8.4 HIGH
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which a local user can get elevated privileges to modify display configuration data, which may result in denial of service of the display.
CVE-2020-1147 1 Microsoft 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more 2021-07-23 6.8 MEDIUM 7.8 HIGH
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2011-1250 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2021-07-23 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Link Properties Handling Memory Corruption Vulnerability."
CVE-2002-2435 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.
CVE-2009-1043 1 Microsoft 2 Internet Explorer, Windows 7 2021-07-23 10.0 HIGH N/A
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
CVE-2011-2383 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.
CVE-2004-0549 1 Microsoft 1 Internet Explorer 2021-07-23 10.0 HIGH N/A
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
CVE-2012-1545 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 5.8 MEDIUM N/A
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2008-7295 1 Microsoft 1 Internet Explorer 2021-07-23 5.8 MEDIUM N/A
Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2007-5456 1 Microsoft 1 Internet Explorer 2021-07-23 7.5 HIGH N/A
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism.
CVE-2005-4844 1 Microsoft 1 Internet Explorer 2021-07-23 7.1 HIGH N/A
The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVE-2009-2576 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
CVE-2008-6893 2 Alt-n, Microsoft 2 Worldclient, Internet Explorer 2021-07-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag.
CVE-1999-0537 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2021-07-23 7.5 HIGH N/A
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.
CVE-2006-7031 1 Microsoft 10 Internet Explorer, Windows 2000, Windows 2003 Server and 7 more 2021-07-23 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
CVE-2002-2125 1 Microsoft 2 Ie, Internet Explorer 2021-07-23 6.4 MEDIUM N/A
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
CVE-2002-0242 1 Microsoft 1 Internet Explorer 2021-07-23 7.5 HIGH N/A
Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.
CVE-2001-0722 1 Microsoft 1 Internet Explorer 2021-07-23 6.4 MEDIUM N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."