National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_7:-:-:~~ultimate_n~~x86~
There are 690 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2012-4775

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-2553

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 7.2 HIGH
CVE-2012-2532

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-2531

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 2.1 LOW
CVE-2012-2530

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 7.2 HIGH
CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 7.9 HIGH
CVE-2012-1896

Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 5.0 MEDIUM
CVE-2012-1895

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-1539

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-1538

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-1528

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-1527

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."

Published: November 13, 2012; 07:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2012-2551

The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."

Published: October 09, 2012; 05:55:02 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-2529

Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."

Published: October 09, 2012; 05:55:02 PM -04:00
    V2: 7.2 HIGH
CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Published: September 26, 2012; 06:56:05 AM -04:00
    V2: 10.0 HIGH
CVE-2012-3324

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Published: September 25, 2012; 04:55:01 PM -04:00
    V2: 9.0 HIGH
CVE-2012-4969

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Published: September 18, 2012; 06:39:14 AM -04:00
    V2: 9.3 HIGH
CVE-2012-4337

Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references.

Published: August 23, 2012; 11:55:00 AM -04:00
    V2: 9.3 HIGH
CVE-2012-2527

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."

Published: August 14, 2012; 09:55:01 PM -04:00
    V2: 7.2 HIGH
CVE-2012-1851

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."

Published: August 14, 2012; 09:55:01 PM -04:00
    V2: 10.0 HIGH