Microsoft

CVE-2002-0367 is a local privilege escalation vulnerability in the smss.exe debugging subsystem of Windows NT and Windows 2000, classified under CWE-269 (Improp…

CVE-2004-0210 is a local privilege escalation vulnerability in the POSIX component of Microsoft Windows NT and Windows 2000, classified under CWE-120 (buffer ov…

CVE-2006-2492 is a buffer overflow vulnerability (CWE-120) in Microsoft Word within Office 2000 SP3, Office XP SP3, Office 2003 SP1/SP2, and Microsoft Works Sui…

CVE-2007-0671 is a high-severity vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, allowing remote user-assisted attackers to execute arbitrary…

CVE-2008-0015 is a stack-based buffer overflow in the CComVariant::ReadFromStream function within the Active Template Library (ATL) used by the MPEG2TuneRequest…

CVE-2008-4250 is a critical remote code execution vulnerability in the Microsoft Windows Server service affecting Windows 2000 through Windows 7 Pre-Beta. The f…

CVE-2009-0238 is a remote code execution vulnerability affecting Microsoft Office Excel versions 2000 through 2007 and Excel Viewer, caused by an invalid object…

CVE-2009-0556 is a memory corruption vulnerability in Microsoft Office PowerPoint versions 2000 SP3, 2002 SP3, 2003 SP3, and Office 2004 for Mac, allowing remot…

CVE-2009-0557 is a remote code execution vulnerability in Microsoft Office Excel components affecting versions from 2000 through 2008 for Mac and various Office…

CVE-2009-0563 is a stack-based buffer overflow vulnerability in Microsoft Office Word affecting versions 2002 SP3, 2003 SP3, 2007 SP1 and SP2, as well as variou…

CVE-2009-1123 is a local privilege escalation vulnerability in the Microsoft Windows kernel affecting Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista Gold/…

CVE-2009-1537 is a critical remote code execution vulnerability in the QuickTime Movie Parser Filter within Microsoft DirectX versions 7.0 through 9.0c on Windo…

CVE-2009-3129 is a memory corruption vulnerability in Microsoft Excel affecting versions 2002 SP3, 2003 SP3, 2007 SP1 and SP2, and various Mac and viewer editio…

CVE-2010-0232 is a local privilege escalation vulnerability in the Microsoft Windows kernel affecting versions from NT 3.1 through Windows 7 and Server 2008. Th…

CVE-2010-0249 is a high-severity memory corruption vulnerability (CWE-416) affecting Microsoft Internet Explorer versions 6 through 8 across multiple Windows op…

CVE-2010-0806 is a high-severity use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, and 7 affecting the Peer Objects component (iepeers.dll).…

CVE-2010-2568 is a remote code execution vulnerability in Microsoft Windows Shell affecting Windows XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, …

CVE-2010-2572 is a buffer overflow vulnerability (CWE-120) in Microsoft PowerPoint 2002 SP3 and 2003 SP3 that allows remote attackers to execute arbitrary code …

CVE-2010-3333 is a vulnerability in Microsoft Office that is actively exploited in the wild and listed on CISA's Known Exploited Vulnerabilities catalog. The fe…

CVE-2010-3962 is a memory corruption vulnerability affecting Microsoft Internet Explorer versions 6, 7, and 8, specifically involving invalid flag references in…

CVE-2010-4398 is a stack-based buffer overflow in win32k.sys affecting Microsoft Windows XP, Server 2003, Vista, Server 2008, and Windows 7. The vulnerability a…

CVE-2011-1889 is a critical memory corruption vulnerability in the NSPLookupServiceNext function of the Microsoft Forefront Threat Management Gateway (TMG) 2010…

CVE-2011-2005 is a local privilege escalation vulnerability in the Ancillary Function Driver (afd.sys) within Microsoft Windows XP SP2, SP3, and Server 2003 SP2…

CVE-2011-3402 is a remote code execution vulnerability in the TrueType font parsing engine within win32k.sys kernel-mode drivers across multiple legacy Microsof…

CVE-2012-0151 is a HIGH severity vulnerability in Microsoft Windows affecting versions XP through 8 Consumer Preview, caused by improper validation of signed PE…

CVE-2012-0158 is a remote code execution vulnerability in Microsoft MSCOMCTL.OCX ActiveX controls affecting Office 2003, 2007, 2010, SQL Server, BizTalk, Commer…

CVE-2012-1854 is an untrusted search path vulnerability affecting Microsoft Office 2003 SP3, 2007 SP2/SP3, 2010 Gold/SP1, and the Summit Microsoft Visual Basic …

CVE-2012-1856 is a remote code execution vulnerability in the TabStrip ActiveX control within MSCOMCTL.OCX, affecting various Microsoft Office, SQL Server, and …

CVE-2012-1889 is a memory corruption vulnerability in Microsoft XML Core Services versions 3.0 through 6.0, classified under CWE-787. It allows remote attackers…

CVE-2012-2539 is a vulnerability in Microsoft Word that has been added to CISA's Known Exploited Vulnerabilities catalog as of March 28, 2022, indicating it is …

CVE-2012-4792 is a high-severity use-after-free vulnerability (CWE-416) in Microsoft Internet Explorer 6 through 8, allowing remote code execution via crafted w…

CVE-2012-4969 is a high-severity use-after-free vulnerability (CWE-416) in Microsoft Internet Explorer 6 through 9, specifically within the CMshtmlEd::Exec func…

CVE-2013-0074 is a high-severity remote code execution vulnerability in Microsoft Silverlight 5 and 5 Developer Runtime versions prior to 5.1.20125.0 caused by …

CVE-2013-1331 is a high-severity buffer overflow vulnerability (CWE-120) affecting Microsoft Office 2003 SP3 and Office 2011 for Mac, allowing remote attackers …

CVE-2013-1347 is a memory corruption vulnerability in Microsoft Internet Explorer 8 caused by improper handling of allocated or deleted objects, allowing remote…

CVE-2013-2551 is a high-severity use-after-free vulnerability (CWE-416) affecting Microsoft Internet Explorer versions 6 through 10. It allows remote attackers …

CVE-2013-3163 is a high-severity memory corruption vulnerability in Microsoft Internet Explorer versions 8 through 10, allowing remote attackers to execute arbi…

CVE-2013-3660 is a memory corruption vulnerability in Microsoft Windows kernel-mode drivers (win32k.sys) affecting Windows XP through Server 2012. It stems from…

CVE-2013-3893 is a memory corruption vulnerability (CWE-416) in Microsoft Internet Explorer 6 through 11, specifically within the SetMouseCapture implementation…

CVE-2013-3896 is a vulnerability in Microsoft Silverlight that is actively exploited in the wild and listed on CISA's Known Exploited Vulnerabilities catalog. T…

CVE-2013-3897 is a memory corruption vulnerability in Microsoft Internet Explorer 6 through 11, specifically within the CDisplayPointer class of mshtml.dll. It …

CVE-2013-3900 is a remote code execution vulnerability in Microsoft Windows affecting the WinVerifyTrust function's handling of Authenticode signature verificat…

CVE-2013-3906 is a vulnerability in Microsoft Graphics Component that is actively exploited in the wild, as noted in CISA's Known Exploited Vulnerabilities cata…

CVE-2013-3918 is a memory corruption vulnerability (CWE-787) in the InformationCardSigninHelper ActiveX control within Microsoft Windows components, allowing re…

CVE-2013-5065 is a local privilege escalation vulnerability in the NDProxy.sys kernel driver affecting Microsoft Windows XP SP2/SP3 and Server 2003 SP2. The vul…

CVE-2013-7331 is a medium severity information disclosure vulnerability in the Microsoft.XMLDOM ActiveX control found in Microsoft Windows 8.1 and earlier versi…

CVE-2014-0322 is a high-severity use-after-free vulnerability (CWE-416) in Microsoft Internet Explorer 9 and 10, allowing remote code execution via crafted Java…

CVE-2014-1761 is a memory corruption vulnerability in Microsoft Word and related Office products that allows remote attackers to execute arbitrary code or cause…

CVE-2014-1776 is a critical use-after-free vulnerability in Microsoft Internet Explorer versions 6 through 11, classified under CWE-416. It allows remote attack…

CVE-2014-1812 is a high-severity vulnerability in Microsoft Windows Group Policy implementation affecting Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows…

CVE-2014-2817 is a high-severity elevation of privilege vulnerability affecting Microsoft Internet Explorer versions 6 through 11, allowing remote attackers to …

CVE-2014-4077 is a high-severity elevation of privilege vulnerability affecting Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 an…

CVE-2014-4113 is a local privilege escalation vulnerability in Microsoft Windows kernel-mode drivers (win32k.sys) affecting Windows Server 2003 SP2 through Wind…

CVE-2014-4114 is a critical vulnerability in Microsoft Windows that was actively exploited in the wild as of March 2022, appearing on CISA's Known Exploited Vul…

CVE-2014-4123 is a high-severity elevation of privilege vulnerability affecting Microsoft Internet Explorer versions 7 through 11, allowing remote attackers to …

CVE-2014-4148 is a remote code execution vulnerability in win32k.sys affecting multiple versions of Microsoft Windows, including Server 2003 SP2, Vista SP2, Win…

CVE-2014-6324 is a high-severity authentication bypass vulnerability in the Microsoft Windows Kerberos Key Distribution Center (KDC) affecting Windows Server 20…

CVE-2014-6332 is a vulnerability in Microsoft Windows that was added to CISA's Known Exploited Vulnerabilities catalog on 2022-03-25 and is actively exploited i…

CVE-2014-6352 is a remote code execution vulnerability in Microsoft Windows affecting versions from Vista SP2 through Windows RT 8.1, allowing attackers to exec…

CVE-2015-0016 is a directory traversal vulnerability in the TS WebProxy component of Microsoft Windows affecting versions from Vista SP2 through Windows RT 8.1,…

CVE-2015-0071 is a medium severity vulnerability in Microsoft Internet Explorer 9 through 11 that allows remote attackers to bypass ASLR protection via a crafte…

CVE-2015-1635 is a critical remote code execution vulnerability in Microsoft Windows HTTP.sys affecting Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Wi…

CVE-2015-1641 is listed on CISA's Known Exploited Vulnerabilities catalog as actively exploited in the wild, with a federal remediation deadline of 2022-05-03. …

CVE-2015-1642 is a vulnerability in Microsoft Office that is actively exploited in the wild, as indicated by its inclusion in CISA's Known Exploited Vulnerabili…

CVE-2015-1671 is a remote code execution vulnerability in the Windows DirectWrite library affecting various versions of Microsoft .NET Framework, Office, Lync, …

CVE-2015-1701 is a vulnerability in Microsoft Win32k that is actively exploited in the wild and listed on CISA's Known Exploited Vulnerabilities catalog. The vu…

CVE-2015-1769 is a privilege escalation vulnerability in Microsoft Windows Mount Manager caused by mishandling of symlinks. It allows physically proximate attac…

CVE-2015-1770 is a high-severity uninitialized memory use vulnerability in Microsoft Office 2013 SP1 and 2013 RT SP1 that allows remote attackers to execute arb…

CVE-2015-2360 is a high-severity memory corruption vulnerability in Microsoft Windows win32k.sys affecting multiple legacy versions including Windows Server 200…

CVE-2015-2387 is a vulnerability in Microsoft's ATM Font Driver that has been added to CISA's Known Exploited Vulnerabilities catalog as actively exploited in t…

CVE-2015-2419 is a memory corruption vulnerability in JScript 9 within Microsoft Internet Explorer 10 and 11, allowing remote attackers to execute arbitrary cod…

CVE-2015-2424 is a memory corruption vulnerability in Microsoft Office versions including PowerPoint and Word 2007, 2010, and 2013, allowing remote code executi…

CVE-2015-2425 is a high-severity memory corruption vulnerability in Microsoft Internet Explorer 11 that allows remote attackers to execute arbitrary code or cau…

CVE-2015-2426 is a buffer underflow vulnerability in the Windows Adobe Type Manager Library (atmfd.dll) affecting multiple Windows versions including Vista, 7, …

CVE-2015-2502 is a memory corruption vulnerability in Microsoft Internet Explorer versions 7 through 11, classified under CWE-787. It allows remote attackers to…

CVE-2015-2545 is a remote code execution vulnerability in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 caused by processing a crafted EPS imag…

CVE-2015-2546 is a memory corruption vulnerability in the Microsoft Windows win32k kernel-mode driver affecting multiple versions of Windows from Vista SP2 thro…

CVE-2015-6175 is a local privilege escalation vulnerability in the Microsoft Windows 10 Gold kernel, allowing local users to gain elevated privileges via a craf…

CVE-2016-0034 is a remote code execution vulnerability in Microsoft Silverlight 5 prior to version 5.1.41212.0 caused by mishandling negative offsets during dec…

CVE-2016-0040 is a local privilege escalation vulnerability affecting the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows…