Filtered by vendor Microsoft
Subscribe
Total
21337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-3362 | 3 Ageet, Htc, Microsoft | 3 Agephone, Hytn, Windows Mobile | 2025-04-09 | 7.8 HIGH | N/A |
| ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. | |||||
| CVE-2008-4563 | 2 Ibm, Microsoft | 3 Tivoli Storage Manager, Tivoli Storage Manager Express, Windows | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. | |||||
| CVE-2009-0566 | 1 Microsoft | 1 Office Publisher | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | |||||
| CVE-2008-2010 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-6194 | 1 Microsoft | 1 Windows | 2025-04-09 | 7.8 HIGH | N/A |
| Memory leak in the DNS server in Microsoft Windows allows remote attackers to cause a denial of service (memory consumption) via DNS packets. NOTE: this issue reportedly exists because of an incorrect fix for CVE-2007-3898. | |||||
| CVE-2009-2536 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2009-1267 | 2 Microsoft, Wireshark | 2 Windows, Wireshark | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. | |||||
| CVE-2008-5179 | 1 Microsoft | 3 Office Communications Server, Office Communicator, Windows Live Messenger | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | |||||
| CVE-2008-0768 | 2 Ibm, Microsoft | 3 Informix Dynamic Server, Informix Storage Manager, Windows | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. | |||||
| CVE-2008-5526 | 2 Drweb, Microsoft | 2 Anti-virus, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5531 | 2 Fortinet, Microsoft | 2 Fortiguard Antivirus, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
| Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-1453 | 1 Microsoft | 3 Windows-nt, Windows Vista, Windows Xp | 2025-04-09 | 8.3 HIGH | N/A |
| The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | |||||
| CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | |||||
| CVE-2008-4420 | 4 Filestream, Hp, Innermedia and 1 more | 5 Turbozip, Openview Performance Agent, Dynazip Max and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985. | |||||
| CVE-2007-0039 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | 7.8 HIGH | N/A |
| The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | |||||
| CVE-2007-3164 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | 5.8 MEDIUM | N/A |
| Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | |||||
| CVE-2009-0079 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-09 | 6.9 MEDIUM | N/A |
| The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." | |||||
| CVE-2007-0948 | 1 Microsoft | 2 Virtual Pc, Virtual Server | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | |||||
| CVE-2008-0113 | 1 Microsoft | 1 Excel Viewer | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." | |||||
| CVE-2007-3826 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | |||||