Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 7
Total 3087 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1878 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."
CVE-2012-1877 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."
CVE-2012-1876 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2012-1875 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
CVE-2012-1874 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."
CVE-2012-1873 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 4.3 MEDIUM N/A
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability."
CVE-2012-1872 1 Microsoft 4 Internet Explorer, Windows 7, Windows Vista and 1 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability."
CVE-2012-1870 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 4.3 MEDIUM N/A
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
CVE-2012-1867 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-11-21 7.2 HIGH 8.4 HIGH
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
CVE-2012-1866 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-11-21 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
CVE-2012-1865 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-11-21 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
CVE-2012-1864 1 Microsoft 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more 2024-11-21 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
CVE-2012-1858 1 Microsoft 9 Internet Explorer, Lync, Office Communicator and 6 more 2024-11-21 4.3 MEDIUM N/A
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
CVE-2012-1855 1 Microsoft 7 .net Framework, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
CVE-2012-1851 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 10.0 HIGH N/A
Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
CVE-2012-1850 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 5.0 MEDIUM N/A
The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
CVE-2012-1848 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
CVE-2012-1539 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2024-11-21 9.3 HIGH 8.1 HIGH
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreePos Use After Free Vulnerability."
CVE-2012-1538 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CFormElement Use After Free Vulnerability."
CVE-2012-1528 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2024-11-21 9.3 HIGH N/A
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."