Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:microsoft:windows_vista:-:sp2:~~home_premium~~x64~
There are 376 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2010-3330

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3329

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3328

Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3327

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3325

Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1883

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."

Published: October 13, 2010; 3:00:18 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0808

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:03 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2010-2738

The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."

Published: September 15, 2010; 3:00:19 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2729

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."

Published: September 15, 2010; 3:00:19 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2560

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."

Published: August 11, 2010; 2:47:51 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2558

Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2556

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2555

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2554

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2553

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1890

The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2010-1889

Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."

Published: August 11, 2010; 2:47:50 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-1258

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."

Published: August 11, 2010; 2:47:49 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-2568

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Published: July 22, 2010; 1:43:49 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1262

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH