CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2014-0279 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.
1252 CVE-2014-0278 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.
1253 CVE-2014-0277 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.
1254 CVE-2014-0276 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1255 CVE-2014-0275 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.
1256 CVE-2014-0274 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.
1257 CVE-2014-0273 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.
1258 CVE-2014-0272 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1259 CVE-2014-0271 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
1260 CVE-2014-0270 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.
1261 CVE-2014-0269 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1262 CVE-2014-0267 119 DoS Exec Code Overflow Mem. Corr. 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290.
1263 CVE-2014-0263 119 Exec Code Overflow Mem. Corr. 2014-02-12 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."
1264 CVE-2014-0260 119 DoS Exec Code Overflow Mem. Corr. 2014-01-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
1265 CVE-2014-0259 119 DoS Exec Code Overflow Mem. Corr. 2014-01-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
1266 CVE-2014-0258 119 DoS Exec Code Overflow Mem. Corr. 2014-01-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
1267 CVE-2014-0257 20 1 Exec Code 2014-02-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
1268 CVE-2014-0251 94 Exec Code 2014-05-14 2018-10-12
9.0
None Remote Low ??? Complete Complete Complete
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
1269 CVE-2013-5056 416 DoS Exec Code Mem. Corr. 2013-12-11 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
1270 CVE-2013-5052 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1271 CVE-2013-5051 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1272 CVE-2013-5049 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1273 CVE-2013-5048 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.
1274 CVE-2013-5047 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.
1275 CVE-2013-3940 190 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability."
1276 CVE-2013-3918 119 DoS Exec Code Overflow 2013-11-12 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
1277 CVE-2013-3917 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3915.
1278 CVE-2013-3916 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912.
1279 CVE-2013-3915 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917.
1280 CVE-2013-3914 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1281 CVE-2013-3912 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916.
1282 CVE-2013-3911 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1283 CVE-2013-3910 119 DoS Exec Code Overflow Mem. Corr. 2013-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1284 CVE-2013-3906 94 1 Exec Code 2013-11-06 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compatibility Pack SP3; and Lync 2010, 2010 Attendee, 2013, and Basic 2013 allows remote attackers to execute arbitrary code via a crafted TIFF image, as demonstrated by an image in a Word document, and exploited in the wild in October and November 2013.
1285 CVE-2013-3897 399 DoS Exec Code Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
1286 CVE-2013-3894 94 Exec Code 2013-10-09 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability."
1287 CVE-2013-3893 399 Exec Code 2013-09-18 2021-05-17
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
1288 CVE-2013-3892 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
1289 CVE-2013-3891 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."
1290 CVE-2013-3890 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
1291 CVE-2013-3889 119 Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; Office Compatibility Pack SP3; and Excel Services and Word Automation Services in SharePoint Server 2013 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."
1292 CVE-2013-3886 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1293 CVE-2013-3885 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3882.
1294 CVE-2013-3882 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3873, and CVE-2013-3885.
1295 CVE-2013-3875 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1296 CVE-2013-3874 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1297 CVE-2013-3873 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3872, CVE-2013-3882, and CVE-2013-3885.
1298 CVE-2013-3872 20 DoS Exec Code Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3873, CVE-2013-3882, and CVE-2013-3885.
1299 CVE-2013-3871 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
1300 CVE-2013-3870 399 Exec Code 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."
Total number of vulnerabilities : 2137   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.