Filtered by vendor Microsoft
Subscriptions
Total
24916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0088 | 1 Microsoft | 5 Office Converter Pack, Office Word, Windows 2000 and 2 more | 2026-04-23 | N/A |
| The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." | ||||
| CVE-2009-0089 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." | ||||
| CVE-2009-0090 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2026-04-23 | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." | ||||
| CVE-2009-0097 | 1 Microsoft | 1 Visio | 2026-04-23 | N/A |
| Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | ||||
| CVE-2009-0100 | 1 Microsoft | 4 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 1 more | 2026-04-23 | N/A |
| Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." | ||||
| CVE-2009-0102 | 1 Microsoft | 3 Office Project, Project Portfolio Server, Project Server | 2026-04-23 | N/A |
| Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability." | ||||
| CVE-2009-0119 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. | ||||
| CVE-2009-0123 | 2 Apple, Microsoft | 3 Mac Os X, Safari, Windows | 2026-04-23 | N/A |
| Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5858 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Services | 2026-04-23 | N/A |
| Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file. | ||||
| CVE-2008-6893 | 2 Alt-n, Microsoft | 2 Worldclient, Internet Explorer | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient 10.0.2, when Internet Explorer 7 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted img tag. | ||||
| CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2026-04-23 | N/A |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | ||||
| CVE-2006-5583 | 1 Microsoft | 1 Windows 2003 Server | 2026-04-23 | N/A |
| Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | ||||
| CVE-2006-5586 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-23 | N/A |
| The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | ||||
| CVE-2008-6063 | 1 Microsoft | 1 Word | 2026-04-23 | N/A |
| Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. | ||||
| CVE-2006-5581 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." | ||||
| CVE-2009-2064 | 1 Microsoft | 2 Internet Explorer, Pocket Ie | 2026-04-23 | N/A |
| Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2008-5912 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-1537 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-23 | N/A |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | ||||
| CVE-2006-5559 | 1 Microsoft | 4 Data Access Components, Windows 2000, Windows 2003 Server and 1 more | 2026-04-23 | N/A |
| The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. | ||||
| CVE-2008-5828 | 1 Microsoft | 1 Windows Live Messenger | 2026-04-23 | N/A |
| Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN Protocol Version 15 (MSNP15) is used over a NAT session, allows remote attackers to discover intranet IP addresses and port numbers by reading the (1) IPv4InternalAddrsAndPorts, (2) IPv4Internal-Addrs, and (3) IPv4Internal-Port header fields. | ||||