Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21237 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5044 1 Microsoft 2 Windows Server 2003, Windows Vista 2025-04-09 4.0 MEDIUM N/A
Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
CVE-2007-3111 2 Microsoft, Provideo 3 Internet Explorer, Windows 2000, Camimage Activex Control 2025-04-09 10.0 HIGH N/A
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
CVE-2009-3832 2 Microsoft, Opera 2 Windows, Opera Browser 2025-04-09 5.8 MEDIUM N/A
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
CVE-2009-0419 1 Microsoft 1 Xml Core Services 2025-04-09 5.0 MEDIUM N/A
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
CVE-2006-3876 1 Microsoft 1 Office 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
CVE-2007-1534 1 Microsoft 1 Windows Vista 2025-04-09 9.3 HIGH N/A
DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
CVE-2007-6423 2 Apache, Microsoft 2 Http Server, Windows Nt 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
CVE-2007-1089 3 Ibm, Linux, Microsoft 3 Db2 Universal Database, Linux Kernel, Windows Xp 2025-04-09 7.2 HIGH N/A
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.
CVE-2008-5544 2 Hacksoft, Microsoft 2 The Hacker, Internet Explorer 2025-04-09 9.3 HIGH N/A
Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2006-1305 1 Microsoft 2 Office, Outlook 2025-04-09 4.3 MEDIUM N/A
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
CVE-2009-0230 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more 2025-04-09 9.0 HIGH N/A
The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
CVE-2007-5145 1 Microsoft 1 Windows Xp 2025-04-09 4.3 MEDIUM N/A
Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347.
CVE-2008-4510 1 Microsoft 1 Windows Vista 2025-04-09 4.9 MEDIUM N/A
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
CVE-2008-2159 1 Microsoft 1 Internet Explorer 2025-04-09 2.1 LOW N/A
Microsoft Internet Explorer 7 can save encrypted pages in the cache even when the DisableCachingOfSSLPages registry setting is enabled, which might allow local users to obtain sensitive information.
CVE-2007-5090 2 Ibm, Microsoft 3 Db2, Rational Clearquest, Sql Server 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
CVE-2008-1547 1 Microsoft 1 Exchange Server 2025-04-09 4.3 MEDIUM N/A
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
CVE-2007-2218 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
CVE-2008-1092 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more 2025-04-09 9.3 HIGH N/A
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
CVE-2009-0232 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 9.3 HIGH N/A
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
CVE-2006-3877 1 Microsoft 14 Access, Excel, Excel Viewer and 11 more 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.