U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:-:*:*:professional_kn:*:x86:*
  • CPE Name Search: true
There are 627 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2011-1965

Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-1964

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1963

Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1962

Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1961

The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1960

Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-1871

Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2011-1257

Race condition in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors involving access to an object, aka "Window Open Race Condition Vulnerability."

Published: August 10, 2011; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2011-0251

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.

Published: August 03, 2011; 10:45:32 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0250

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.

Published: August 03, 2011; 10:45:32 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0249

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.

Published: August 03, 2011; 10:45:32 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0248

Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.

Published: August 03, 2011; 10:45:32 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0247

Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.

Published: August 03, 2011; 10:45:32 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-0246

Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

Published: August 03, 2011; 10:45:31 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1797

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 8.8 HIGH
CVE-2011-1462

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1457

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1453

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1288

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

Published: July 21, 2011; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH