Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0913 | 1 Microsoft | 1 Powerpoint | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. | |||||
| CVE-2007-0878 | 1 Microsoft | 1 Windows Mobile | 2024-11-21 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. | |||||
| CVE-2007-0870 | 1 Microsoft | 1 Word | 2024-11-21 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | |||||
| CVE-2007-0843 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2024-11-21 | 4.6 MEDIUM | N/A |
| The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | |||||
| CVE-2007-0842 | 1 Microsoft | 1 Visual C\+\+ | 2024-11-21 | 5.0 MEDIUM | N/A |
| The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition. | |||||
| CVE-2007-0811 | 1 Microsoft | 1 Ie | 2024-11-21 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. | |||||
| CVE-2007-0714 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2024-11-21 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | |||||
| CVE-2007-0712 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, Windows | 2024-11-21 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. | |||||
| CVE-2007-0711 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2024-11-21 | 9.3 HIGH | N/A |
| Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. | |||||
| CVE-2007-0685 | 1 Microsoft | 1 Windows Mobile | 2024-11-21 | 2.6 LOW | N/A |
| Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. | |||||
| CVE-2007-0675 | 1 Microsoft | 1 Windows Vista | 2024-11-21 | 7.6 HIGH | N/A |
| A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | |||||
| CVE-2007-0674 | 1 Microsoft | 1 Windows Mobile | 2024-11-21 | 7.1 HIGH | N/A |
| Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file. | |||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | |||||
| CVE-2007-0612 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 7.8 HIGH | N/A |
| Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. | |||||
| CVE-2007-0562 | 1 Microsoft | 1 Windows Explorer | 2024-11-21 | 4.3 MEDIUM | N/A |
| Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. | |||||
| CVE-2007-0515 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. | |||||
| CVE-2007-0468 | 1 Microsoft | 1 Visual Studio | 2024-11-21 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file. | |||||
| CVE-2007-0427 | 1 Microsoft | 1 Html Help Workshop | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | |||||
| CVE-2007-0356 | 2 Common Controls Replacement Project, Microsoft | 2 Foldertreeview Activex Control, Ie | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | |||||
| CVE-2007-0352 | 1 Microsoft | 1 Html Help Workshop | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | |||||