Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:microsoft:windows_7:-:sp1:~~enterprise_kn~~x64~
There are 1,720 matching records.
Displaying matches 1,621 through 1,640.
Vuln ID Summary CVSS Severity
CVE-2010-3944

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3943

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3942

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3941

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3940

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3939

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3348

Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3342.

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3346

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3345

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3342

Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3338

The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.

Published: December 16, 2010; 2:33:02 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3962

Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.

Published: November 05, 2010; 1:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3331

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3330

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3329

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3328

Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3327

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3325

Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3243

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3229

The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."

Published: October 13, 2010; 3:00:45 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH