Filtered by vendor Microsoft
Subscribe
Total
19158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0562 | 1 Microsoft | 1 Windows Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
| Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. | |||||
| CVE-2007-0213 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 10.0 HIGH | N/A |
| Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | |||||
| CVE-2007-3334 | 3 Ca, Ingres, Microsoft | 3 Etrust Secure Content Manager, Database Server, All Windows | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2007-1527 | 1 Microsoft | 1 Windows Vista | 2023-12-10 | 5.0 MEDIUM | N/A |
| The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | |||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | |||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2023-12-10 | 7.2 HIGH | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | |||||
| CVE-2007-1347 | 1 Microsoft | 3 Windows 2000, Windows Explorer, Windows Xp | 2023-12-10 | 7.1 HIGH | N/A |
| Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll. | |||||
| CVE-2007-2161 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-0948 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2023-12-10 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | |||||
| CVE-2008-0117 | 1 Microsoft | 4 Compatibility Pack Word Excel Powerpoint 2007, Excel, Excel Viewer and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." | |||||
| CVE-2007-3041 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | |||||
| CVE-2007-0913 | 1 Microsoft | 1 Powerpoint | 2023-12-10 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | |||||
| CVE-2008-0235 | 1 Microsoft | 1 Vfp Ole Server Activex Control | 2023-12-10 | 10.0 HIGH | N/A |
| The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. | |||||
| CVE-2007-0027 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. | |||||
| CVE-2007-0040 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2023-12-10 | 10.0 HIGH | N/A |
| The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." | |||||
| CVE-2007-1537 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2023-12-10 | 3.6 LOW | N/A |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | |||||
| CVE-2007-0945 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." | |||||
| CVE-2008-0304 | 3 Linux, Microsoft, Mozilla | 4 Linux Kernel, Windows, Seamonkey and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | |||||
| CVE-2007-3034 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Server 2003 and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
| Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | |||||