Filtered by vendor Microsoft
Subscribe
Total
19161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1808 | 1 Microsoft | 1 Windows Xp | 2023-12-10 | 4.9 MEDIUM | N/A |
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call. | |||||
CVE-2008-1090 | 1 Microsoft | 2 Office, Visio | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." | |||||
CVE-2009-0565 | 1 Microsoft | 5 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Word and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability." | |||||
CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | |||||
CVE-2008-4582 | 4 Canonical, Debian, Microsoft and 1 more | 5 Ubuntu Linux, Debian Linux, Windows and 2 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. | |||||
CVE-2009-0099 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | |||||
CVE-2008-4253 | 1 Microsoft | 5 Office Frontpage, Project, Visual Basic and 2 more | 2023-12-10 | 8.5 HIGH | N/A |
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." | |||||
CVE-2009-0438 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412. | |||||
CVE-2008-0121 | 1 Microsoft | 1 Office Powerpoint Viewer | 2023-12-10 | 9.3 HIGH | N/A |
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." | |||||
CVE-2009-3129 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability." | |||||
CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2023-12-10 | 5.4 MEDIUM | N/A |
Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | |||||
CVE-2008-3012 | 1 Microsoft | 16 Digital Image Suite, Forefront Client Security, Internet Explorer and 13 more | 2023-12-10 | 9.3 HIGH | N/A |
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." | |||||
CVE-2008-5828 | 1 Microsoft | 1 Windows Live Messenger | 2023-12-10 | 5.0 MEDIUM | N/A |
Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | |||||
CVE-2009-0084 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." | |||||
CVE-2008-5917 | 2 Horde, Microsoft | 2 Application Framework, Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | |||||
CVE-2008-4028 | 1 Microsoft | 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. | |||||
CVE-2008-2752 | 1 Microsoft | 1 Word | 2023-12-10 | 7.1 HIGH | N/A |
Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5533 | 2 K7computing, Microsoft | 2 Antivirus, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
CVE-2008-1442 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." | |||||
CVE-2009-3097 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2023-12-10 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |