Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:*:x64:*:*:*:*:*
There are 177 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2011-2016

Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2014

The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2011-2013

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2011-2004

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.

Published: November 08, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2011-3402

Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."

Published: November 04, 2011; 5:55:04 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2011

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."

Published: October 11, 2011; 10:52:44 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-2009

Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Media Center Insecure Library Loading Vulnerability."

Published: October 11, 2011; 10:52:44 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2003

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2002

win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2011-2001

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-2000

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1999

Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1998

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1996

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1995

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1993

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1985

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2011-1253

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1247

Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."

Published: October 11, 2011; 10:52:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1991

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."

Published: September 15, 2011; 8:26:49 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH