Filtered by vendor Microsoft Subscriptions
Total 24921 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-4254 1 Microsoft 2 Visual Database Tools Database Designer, Visual Studio 2026-04-23 N/A
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
CVE-2008-4473 2 Adobe, Microsoft 2 Flash Player, Windows 2026-04-23 N/A
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
CVE-2007-2161 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2009-3096 2 Hp, Microsoft 2 Performance Insight, Windows 2026-04-23 N/A
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3126 1 Microsoft 27 .net Framework, Excel Viewer, Expression Web and 24 more 2026-04-23 N/A
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
CVE-2009-3131 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-04-23 N/A
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."
CVE-2009-3133 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-04-23 N/A
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
CVE-2009-3135 1 Microsoft 4 Office, Office Word, Office Word Viewer and 1 more 2026-04-23 N/A
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
CVE-2009-3830 1 Microsoft 1 Sharepoint Server 2026-04-23 N/A
The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
CVE-2007-3028 1 Microsoft 1 Windows 2000 2026-04-23 N/A
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
CVE-2007-0948 1 Microsoft 2 Virtual Pc, Virtual Server 2026-04-23 N/A
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
CVE-2008-0075 1 Microsoft 1 Internet Information Server 2026-04-23 N/A
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
CVE-2007-4848 1 Microsoft 2 Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
CVE-2007-1201 1 Microsoft 5 Biztalk Server, Commerce Server, Internet Security And Acceleration Server and 2 more 2026-04-23 N/A
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
CVE-2007-1205 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-23 N/A
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
CVE-2007-1209 1 Microsoft 1 Windows Vista 2026-04-23 N/A
Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
CVE-2007-1214 1 Microsoft 2 Excel, Excel Viewer 2026-04-23 N/A
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
CVE-2007-1215 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more 2026-04-23 N/A
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
CVE-2007-1220 1 Microsoft 1 Xbox 360 2026-04-23 N/A
The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
CVE-2007-1239 1 Microsoft 1 Excel 2026-04-23 N/A
Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.