Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0437 2 Ibm, Microsoft 2 Websphere Application Server, Windows 2025-04-09 1.9 LOW N/A
The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.
CVE-2009-0341 1 Microsoft 2 Internet Explorer, Windows Xp 2025-04-09 9.3 HIGH N/A
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
CVE-2009-2527 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Media Player and 1 more 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
CVE-2009-3128 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2025-04-09 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
CVE-2007-1114 1 Microsoft 1 Ie 2025-04-09 4.3 MEDIUM N/A
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
CVE-2008-0086 1 Microsoft 4 Data Engine, Sql Server, Sql Server Desktop Engine and 1 more 2025-04-09 9.0 HIGH N/A
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
CVE-2007-2222 1 Microsoft 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more 2025-04-09 9.3 HIGH N/A
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
CVE-2007-6047 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 10.0 HIGH N/A
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
CVE-2007-1531 1 Microsoft 2 Windows Vista, Windows Xp 2025-04-09 5.0 MEDIUM N/A
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
CVE-2008-0766 2 Brooks Internet Software, Microsoft 3 Rpm Remote Print Manager Elite, Rpm Remote Print Manager Select, Windows 2025-04-09 10.0 HIGH N/A
Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of these details are obtained from third party information.
CVE-2007-4041 2 Microsoft, Mozilla 4 Internet Explorer, Windows 2003 Server, Windows Xp and 1 more 2025-04-09 6.8 MEDIUM N/A
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.
CVE-2008-2249 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more 2025-04-09 9.3 HIGH N/A
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
CVE-2006-4693 1 Microsoft 2 Office, Word 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
CVE-2007-6357 1 Microsoft 1 Access 2025-04-09 5.8 MEDIUM N/A
Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
CVE-2008-1435 1 Microsoft 2 Windows-nt, Windows Vista 2025-04-09 9.3 HIGH N/A
Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
CVE-2006-7065 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2025-04-09 5.0 MEDIUM N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
CVE-2009-1531 1 Microsoft 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 9.3 HIGH N/A
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
CVE-2009-3532 2 Logrover, Microsoft 2 Logrover, Windows 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-1529 1 Microsoft 1 Windows Vista 2025-04-09 4.3 MEDIUM N/A
The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.
CVE-2007-3038 1 Microsoft 1 Windows Vista 2025-04-09 7.8 HIGH N/A
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."