Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-0166 |
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." Published: April 12, 2017; 10:59:00 AM -0400 |
V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-0175 |
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability." Published: May 10, 2016; 9:59:15 PM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-0040 |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." Published: February 10, 2016; 6:59:06 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-0020 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability." Published: January 13, 2016; 12:59:16 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-0009 |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability." Published: January 13, 2016; 12:59:07 AM -0500 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2013-3138 |
Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability." Published: June 11, 2013; 11:30:15 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2013-1339 |
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability." Published: June 11, 2013; 11:29:59 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2013-3661 |
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain. Published: May 24, 2013; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-1333 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability." Published: May 14, 2013; 11:36:34 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-1332 |
dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." Published: May 14, 2013; 11:36:34 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-1347 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. Published: May 05, 2013; 7:07:00 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-1288 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CTreeNode Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-1287 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286. Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-1286 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287. Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-1285 |
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287. Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-0094 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0093 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0092 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0091 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0090 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability." Published: March 12, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |