Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Vista
Total 1348 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0265 1 Microsoft 5 Producer, Windows 7, Windows Movie Maker and 2 more 2024-11-21 9.3 HIGH N/A
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
CVE-2010-0255 1 Microsoft 8 Internet Explorer, Windows 2000, Windows 2003 Server and 5 more 2024-11-21 4.3 MEDIUM N/A
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
CVE-2010-0252 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2024-11-21 9.3 HIGH N/A
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
CVE-2010-0250 1 Microsoft 4 Windows 7, Windows Server 2008, Windows Vista and 1 more 2024-11-21 9.3 HIGH N/A
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
CVE-2010-0249 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2024-11-21 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-0248 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2024-11-21 9.3 HIGH 8.1 HIGH
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
CVE-2010-0246 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
CVE-2010-0245 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
CVE-2010-0244 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2024-11-21 9.3 HIGH N/A
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
CVE-2010-0242 1 Microsoft 2 Windows Server 2008, Windows Vista 2024-11-21 7.8 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
CVE-2010-0241 1 Microsoft 2 Windows Server 2008, Windows Vista 2024-11-21 10.0 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
CVE-2010-0240 1 Microsoft 2 Windows Server 2008, Windows Vista 2024-11-21 10.0 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
CVE-2010-0239 1 Microsoft 2 Windows Server 2008, Windows Vista 2024-11-21 10.0 HIGH N/A
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
CVE-2010-0238 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more 2024-11-21 4.9 MEDIUM N/A
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
CVE-2010-0236 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more 2024-11-21 7.2 HIGH N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
CVE-2010-0235 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2003 and 2 more 2024-11-21 4.7 MEDIUM N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
CVE-2010-0234 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more 2024-11-21 4.7 MEDIUM N/A
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
CVE-2010-0233 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2024-11-21 7.2 HIGH N/A
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
CVE-2010-0231 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2024-11-21 10.0 HIGH N/A
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
CVE-2010-0161 2 Microsoft, Mozilla 5 Windows 7, Windows Server 2008, Windows Vista and 2 more 2024-11-21 4.3 MEDIUM N/A
The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI.