U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:-:*:*:enterprise_n:*:x86:*
  • CPE Name Search: true
There are 627 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2011-3401

ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2019

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2018

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-1992

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4434

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Published: November 11, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2011-2016

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2014

The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2011-2013

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-2004

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-3251

Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.

Published: October 27, 2011; 10:49:53 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3250

Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

Published: October 27, 2011; 10:49:53 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3249

Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.

Published: October 27, 2011; 10:49:53 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3248

Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.

Published: October 27, 2011; 10:49:52 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3247

Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.

Published: October 27, 2011; 10:49:52 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3252

Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.

Published: October 12, 2011; 2:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3219

Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

Published: October 12, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2339

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Published: October 12, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2011-2338

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

Published: October 12, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2011-0259

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Published: October 12, 2011; 2:55:01 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2011-2011

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."

Published: October 11, 2011; 10:52:44 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH