Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19143 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4278 2 Microsoft, Vmware 3 Windows, Virtual Infrastructure Client, Virtualcenter 2023-12-10 2.1 LOW N/A
VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in cleartext when the password contains unspecified special characters, which allows physically proximate attackers to steal the password.
CVE-2009-2525 1 Microsoft 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more 2023-12-10 9.3 HIGH N/A
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
CVE-2008-4699 1 Microsoft 1 Peachtree Accounting 2023-12-10 9.3 HIGH N/A
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
CVE-2008-3704 1 Microsoft 4 Visual Basic, Visual Foxpro, Visual Studio and 1 more 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
CVE-2008-5912 1 Microsoft 1 Internet Explorer 2023-12-10 2.1 LOW N/A
An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-4266 1 Microsoft 4 Excel, Excel Viewer, Office and 1 more 2023-12-10 9.3 HIGH N/A
Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability."
CVE-2008-1092 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more 2023-12-10 9.3 HIGH N/A
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
CVE-2009-3832 2 Microsoft, Opera 2 Windows, Opera Browser 2023-12-10 5.8 MEDIUM N/A
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
CVE-2009-1130 1 Microsoft 2 Office, Office Powerpoint 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
CVE-2008-3648 1 Microsoft 1 Windows Xp 2023-12-10 9.3 HIGH N/A
nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
CVE-2009-4073 1 Microsoft 1 Internet Explorer 2023-12-10 5.0 MEDIUM N/A
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
CVE-2008-5415 3 Broadcom, Ca, Microsoft 3 Arcserve Backup, Arcserve Backup, Windows 2023-12-10 10.0 HIGH N/A
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
CVE-2008-3629 2 Apple, Microsoft 6 Mac Os X, Mac Os X Server, Quicktime and 3 more 2023-12-10 4.3 MEDIUM N/A
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
CVE-2009-2512 1 Microsoft 2 Windows Server 2008, Windows Vista 2023-12-10 9.3 HIGH N/A
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
CVE-2008-1471 2 Microsoft, Panda 6 Windows-nt, Windows 2000, Windows Vista and 3 more 2023-12-10 7.2 HIGH N/A
The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ Firewall 2008 allows local users to cause a denial of service (system crash or kernel panic), overwrite memory, or execute arbitrary code via a crafted IOCTL request that triggers an out-of-bounds write of kernel memory.
CVE-2009-1536 1 Microsoft 3 .net Framework, Windows Server 2008, Windows Vista 2023-12-10 2.6 LOW N/A
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
CVE-2009-1544 1 Microsoft 4 Windows 2003 Server, Windows Server 2008, Windows Vista and 1 more 2023-12-10 9.0 HIGH N/A
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
CVE-2008-5178 2 Microsoft, Opera 2 Windows, Opera 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
CVE-2009-1267 2 Microsoft, Wireshark 2 Windows, Wireshark 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
CVE-2009-1124 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2023-12-10 7.2 HIGH N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."