Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Vista
Total 1348 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0173 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 9.3 HIGH N/A
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
CVE-2012-0171 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."
CVE-2012-0169 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
CVE-2012-0168 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 7.6 HIGH N/A
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."
CVE-2012-0165 1 Microsoft 3 Office, Windows Server 2008, Windows Vista 2024-11-21 9.3 HIGH N/A
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
CVE-2012-0159 1 Microsoft 7 Office, Silverlight, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
CVE-2012-0157 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 7.2 HIGH 8.4 HIGH
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
CVE-2012-0156 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2024-11-21 4.3 MEDIUM N/A
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
CVE-2012-0155 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
CVE-2012-0154 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
CVE-2012-0151 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 9.3 HIGH 7.8 HIGH
The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
CVE-2012-0150 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2024-11-21 9.3 HIGH N/A
Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
CVE-2012-0148 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 7.2 HIGH N/A
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
CVE-2012-0015 1 Microsoft 6 .net Framework, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
CVE-2012-0014 2 Apple, Microsoft 9 Mac Os X, .net Framework, Silverlight and 6 more 2024-11-21 9.3 HIGH N/A
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
CVE-2012-0013 1 Microsoft 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 9.3 HIGH N/A
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
CVE-2012-0012 1 Microsoft 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more 2024-11-21 4.3 MEDIUM N/A
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
CVE-2012-0011 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
CVE-2012-0010 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 4.3 MEDIUM N/A
Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."
CVE-2012-0005 1 Microsoft 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more 2024-11-21 6.9 MEDIUM N/A
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."