Vulnerabilities (CVE)

Vendor filter: Microsoft

6665 total CVE
CVE Vendors Products Updated CVSS
CVE-2008-2949 1 Microsoft 1 Ie 2011-03-08 6.8
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as...
CVE-2008-2948 1 Microsoft 2 Internet Explorer, Ie 2011-03-08 6.8
Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from a different domain to observe domain-independent events, as...
CVE-2007-5355 1 Microsoft 1 Ie 2011-03-08 5.8
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS...
CVE-2010-4588 1 Microsoft 1 Wmi Administrative Tools 2011-01-19 9.3
The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier allows remote attackers to execute arbitrary code via a crafted argument to the ReleaseContext method, a different vector than CVE-2010-3973,...
CVE-2010-3141 1 Microsoft 1 Powerpoint 2010-11-11 9.3
Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder...
CVE-2010-4182 1 Microsoft 4 Windows Xp, Windows 2003 Server, Windows Vista and 1 more 2010-11-05 9.3
Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local...
CVE-2010-3888 1 Microsoft 1 Windows 2010-10-11 7.2
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
CVE-2010-2739 1 Microsoft 5 Windows Server 2008, Windows Xp, Windows 2003 Server and 2 more 2010-09-08 7.2
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly...
CVE-2010-2442 1 Microsoft 1 Ie 2010-06-25 4.3
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."
CVE-2010-2085 1 Microsoft 1 .net Framework 2010-05-28 4.3
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
CVE-2010-2088 1 Microsoft 1 Asp.net 2010-05-28 4.3
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
CVE-2010-2084 1 Microsoft 1 Asp.net 2010-05-28 4.3
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
CVE-2010-2083 1 Microsoft 1 Dynamics Gp 2010-05-27 4.0
Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2010-2011 1 Microsoft 1 Dynamics Gp 2010-05-24 4.0
Microsoft Dynamics GP uses a substitution cipher to encrypt the system password field and unspecified other fields, which makes it easier for remote authenticated users to obtain sensitive information by decrypting a field's contents.
CVE-2010-1852 1 Microsoft 1 Ie 2010-05-10 4.3
Microsoft Internet Explorer, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches...
CVE-2010-1127 1 Microsoft 1 Ie 2010-03-29 5.0
Microsoft Internet Explorer 6 and 7 do not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted...
CVE-2010-0652 1 Microsoft 1 Ie 2010-02-19 4.3
Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information...
CVE-2001-1539 1 Microsoft 1 Ie 2010-01-08 5.0
Stack consumption vulnerability in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not...
CVE-2008-7217 1 Microsoft 1 Office 2009-09-14 4.6
Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access...
CVE-2009-2196 2 Microsoft, Apple 5 Mac Os X, Windows Xp, Mac Os X Server and 2 more 2009-08-18 5.0
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.