Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19143 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0029 1 Microsoft 7 Remote Desktop Connection Client, Windows 2003 Server, Windows 7 and 4 more 2023-12-10 9.3 HIGH N/A
Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability."
CVE-2011-0091 1 Microsoft 2 Windows 7, Windows Server 2008 2023-12-10 6.4 MEDIUM N/A
Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
CVE-2010-0032 1 Microsoft 1 Powerpoint 2023-12-10 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
CVE-2010-5082 1 Microsoft 1 Windows Server 2008 2023-12-10 9.3 HIGH N/A
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
CVE-2011-0147 2 Apple, Microsoft 6 Itunes, Webkit, Windows and 3 more 2023-12-10 7.6 HIGH N/A
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE-2010-3230 1 Microsoft 1 Excel 2023-12-10 9.3 HIGH N/A
Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
CVE-2010-3946 1 Microsoft 2 Office, Office Converter Pack 2023-12-10 9.3 HIGH N/A
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
CVE-2010-3144 1 Microsoft 2 Windows Server 2003, Windows Xp 2023-12-10 9.3 HIGH N/A
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
CVE-2011-2102 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2023-12-10 9.3 HIGH N/A
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
CVE-2010-1253 1 Microsoft 4 Excel, Office, Office Compatibility Pack and 1 more 2023-12-10 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability."
CVE-2010-1796 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 2.6 LOW N/A
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
CVE-2010-1777 2 Apple, Microsoft 5 Itunes, Mac Os X, Windows 7 and 2 more 2023-12-10 9.3 HIGH N/A
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
CVE-2010-3268 3 Intel, Microsoft, Symantec 4 Intel Alert Management System, Windows 2000, Antivirus and 1 more 2023-12-10 5.0 MEDIUM N/A
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
CVE-2010-1901 1 Microsoft 5 Office, Office Compatibility Pack, Office Word Viewer and 2 more 2023-12-10 9.3 HIGH N/A
Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."
CVE-2010-2703 2 Hp, Microsoft 2 Openview Network Node Manager, Windows 2023-12-10 10.0 HIGH N/A
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
CVE-2011-1244 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2023-12-10 5.8 MEDIUM N/A
Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability."
CVE-2010-1397 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
CVE-2010-2219 3 Adobe, Linux, Microsoft 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors.
CVE-2010-3231 1 Microsoft 3 Excel, Office, Open Xml File Format Converter 2023-12-10 9.3 HIGH N/A
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
CVE-2011-0218 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 9.3 HIGH N/A
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.