Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 8.1
Total 2876 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1147 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
CVE-2019-1146 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 9.3 HIGH 7.8 HIGH
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
CVE-2019-1145 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
CVE-2019-1144 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
CVE-2019-1143 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
CVE-2019-1142 1 Microsoft 7 .net Framework, Windows 10, Windows 8.1 and 4 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.
CVE-2019-1133 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
CVE-2019-1130 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2024-11-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
CVE-2019-1125 2 Microsoft, Redhat 15 Windows 10, Windows 7, Windows 8.1 and 12 more 2024-11-21 2.1 LOW 5.6 MEDIUM
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.
CVE-2019-1113 1 Microsoft 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
CVE-2019-1108 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.
CVE-2019-1104 1 Microsoft 10 Edge, Internet Explorer, Windows 10 and 7 more 2024-11-21 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
CVE-2019-1102 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2019-1097 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093.
CVE-2019-1096 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
CVE-2019-1095 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.
CVE-2019-1094 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116.
CVE-2019-1093 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097.
CVE-2019-1089 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'.
CVE-2019-1088 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087.