Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Vista
Total 1348 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0532 2 Apple, Microsoft 4 Itunes, Windows 7, Windows Vista and 1 more 2024-11-21 6.9 MEDIUM N/A
Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.
CVE-2010-0531 2 Apple, Microsoft 6 Itunes, Mac Os X, Mac Os X Server and 3 more 2024-11-21 4.3 MEDIUM N/A
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.
CVE-2010-0529 2 Apple, Microsoft 4 Quicktime, Windows 7, Windows Vista and 1 more 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a BkPixPat opcode (0x12) containing crafted values that are used in a calculation for memory allocation.
CVE-2010-0528 2 Apple, Microsoft 4 Quicktime, Windows 7, Windows Vista and 1 more 2024-11-21 9.3 HIGH N/A
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value.
CVE-2010-0527 2 Apple, Microsoft 4 Quicktime, Windows 7, Windows Vista and 1 more 2024-11-21 9.3 HIGH N/A
Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
CVE-2010-0494 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more 2024-11-21 4.3 MEDIUM N/A
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
CVE-2010-0492 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH 8.1 HIGH
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-0490 1 Microsoft 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2010-0489 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2024-11-21 9.3 HIGH N/A
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
CVE-2010-0488 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2024-11-21 4.3 MEDIUM N/A
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
CVE-2010-0487 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
CVE-2010-0486 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
CVE-2010-0485 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2024-11-21 6.8 MEDIUM N/A
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
CVE-2010-0484 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2024-11-21 6.8 MEDIUM N/A
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
CVE-2010-0481 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2024-11-21 4.7 MEDIUM N/A
The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
CVE-2010-0480 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
CVE-2010-0476 1 Microsoft 5 Windows 2003 Server, Windows 7, Windows Server 2003 and 2 more 2024-11-21 10.0 HIGH N/A
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
CVE-2010-0278 1 Microsoft 3 Windows 7, Windows Live Messenger, Windows Vista 2024-11-21 4.3 MEDIUM N/A
A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
CVE-2010-0269 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more 2024-11-21 10.0 HIGH N/A
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
CVE-2010-0267 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."