U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_7:-:*:x86:*:*:*:*:*
There are 169 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2013-1286

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-1285

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-0094

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0093

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0092

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0091

Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0090

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0089

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0088

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0087

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer OnResize Use After Free Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

Published: March 12, 2013; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-2556

Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "ASLR Security Feature Bypass Vulnerability."

Published: March 11, 2013; 6:55:01 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-2554

Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.

Published: March 11, 2013; 6:55:01 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-2553

Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.

Published: March 11, 2013; 6:55:01 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2013-0073

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-0030

The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0029

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability."

Published: February 13, 2013; 7:04:12 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0024

Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0019

Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability."

Published: February 13, 2013; 7:04:11 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH