| 8! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Code execution, information leakage. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
| | GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities. |
| 7! | Microsoft Windows multiple security vulnerabilities
updated since 11.01.2012
|
| | SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage. |
| 9! | Microsoft .Net multiple security vulnerabilities
|
| | DoS, multiple vulnerabilities in forms authentication. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2011
|
| | Information leakage, insecure library loading. |
| 9! | Microsoft Windows multiple security vulnerabilities
updated since 15.12.2011
|
| | Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution. |
| 9! | Microsoft Windows win32k.sys memory corruption
|
| | Integer overflow on the frame with large height. |
| 6! | Microsoft Windows multiple applications DLL hijacking
updated since 26.08.2010
|
| | If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory. |
| | Microsoft Windows Media memory corruption
|
| | Memory corruption on .dvr-ms files parsing. |
| | Microsoft Windows DoS
|
| | Crash on TTF fonts parsing. |
| 10! | Microsoft Windows kernel UDP processing integer overflow
|
| | Integer overflow leads to code execution via the flow of UDP packets to closed port. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.10.2011
|
| | Multiple memory corruptions with code execution. |
| 6! | Microsoft .Net / Silverlight code execution
|
| | It's possible to escape from sandbox. |
| 7! | Microsoft Windows multiple security vulnerabilities
|
| | Active Accessibility and Media Center insecure DLL loading |
| 6! | DigiNotar fraudulent certificates
updated since 01.09.2011
|
| | Well known domain names certificates were issued to untrusted party. |
| | Microsoft Windows DHCPv6 DoS
|
| | RPC crashes on DHCP reply with empty Domain Search List. |
| 8! | Microsoft Windows multiple security vulnerabilities
|
| | NDISTAPI service and CSRSS privilege escalations, kernel DoS, TCP/IP DoS, RDP DoS, .Net information disclosure. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
| | Multiple memory corruptions, crossite data access, code execution. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.06.2011
|
| | mhtml handler cross application scripting, VML processor memory corruption, multiple internet explorer memory corruptions, information leakage. |
| 7! | Microsoft Windows multiple security vulnerabilities
|
| | Uninitialized memory reference in Bluetooth stack, multiple memory handling vulnerabilities in Windows kernel, multiple privilege escalations in CSRSS. |
| 8! | Microsoft Windows multiple security vulnerabilities
updated since 15.06.2011
|
| | Buffer overflow on WMF files parsing. Uninitialized pointers on OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation. |
| 8! | Microsoft .Net Framework multiple security vulnerabilities
|
| | Array index overflow, JIT compiler code execution. |
| 9! | Microsoft Windows multiple security vulnerabilities
updated since 13.04.2011
|
| | SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stack overflow in OpenType fonts parsing, multiple drivers vulnerabilities. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.04.2011
|
| | Multiple memory corruptions and information leaks. |
| | Multiple systems ICMPv6 flood DoS
|
| | router announcement packets flood resourceds exhaustion |
| | Windows help system buffer overflow
|
| | Buffer overflow on CHM files parsing. |
| 6! | Multiple ActiveX components security vulnerabilities
|
| | kill bit update for multiple components of different vendors. |
| 6! | Microsoft Windows multiple security vulnerabilities
|
| | Unsafe library loading, code execution with .dvr-ms files. |
| 6! | Microsoft Windows application policy bypass
|
| | It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro. |
| 8! | Microsoft Windows multiple security vulnerabilities
updated since 08.02.2011
|
| | Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 08.02.2011
|
| | Multiple memory corruptions, unsafe DLL loading. |
| 9! | Microsoft IIS FTP Server buffer overflow
|
| | Heap buffer overflow. |
| | Microsoft Fax Cover Page Editor double free vulnerability
|
| | Double free vulnerability on .cov files parsing. |
| | Microsoft ADO security vulnerabilities
|
| | Buffer overflow, memory corruption. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2010
|
| | Crossite data access, multiple memory corruptions. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
| | OpenType Font parsing memory corruption, task scheduler privilege escalation, usafe DLL loading, multiple kernel vulnerabilities, Consent User Interface privilege escalation, Netlogon DoS. |
| | Microsoft Windows hidden administrative group membership
|
| | It's possible to include user's account into administrative group without direct group membership. |
| 6! | Microsoft Windows Wordpad / Windows Shell code execution
|
| | Code execution via embedded COM object. |
| | Windows Media Player memory corruption
|
| | Memory corruption if page with WMP ActiveX is reloaded. |
| 6! | Media Player Network Sharing memory corruption
|
| | Use-after-free vulneraebility on RTSP request parsing. |
| 6! | Microsoft Sharepoint SafeHTML crossite scripting
|
| | Few crossite scripting possibilities. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
| | Multiple memory corruptions, cross domain information disclosure. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
| | Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS. |
| 9! | Microsoft Internet Information Services multiple security vulnerabilities
|
| | Authentication bypass, buffer overflow, DoS. |
| 9! | Microsoft Windows multiple security vulnerabilities
updated since 15.09.2010
|
| | Privilege escalation and code execution in spooler services,memory corruption in MPEG-4 codec, memroy corruption in RPC, privilege escalation in LSA, privilege escalation in CSRSS subsystem, WordPad memory corruption. |
| | Multiple browsers certificates validation weakness
|
| | Wildmasks in certificates issued to IP address are enabled. |
| 6! | Microsoft Windows Kerberos tickets spoofing
|
| | It's possible to logon with any account by manipulating network traffic. |
| 7! | Microsoft .Net and Silverlight security vulnerabilities
|
| | Memory corruption, code execution. |
| | Microsoft Windows Tracing Feature for Services security vulnerabilities
|
| | Weak permissions on registry keys, buffer overflow on registry keys reading. |
| 6! | Microsoft Windows TCP/IP stack security vulnerabilities
|
| | DoS, privilege escalation. |
| | Microsoft Windows Cinepak codec memory corruption
|
| | Memory corruption on data decompression. |
| 7! | Microsoft Windows SMB/CIFS service multiple security vulnerabilities
|
| | Buffer overflow, privilege escalation, DoS. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
| | Multiple memory corruptions, crossite access. |
| 8! | Microsoft XML Core Services memory corruption
|
| | Memory corruption on server's response pasrsing in XMLHTTP. |
| 6! | Microsoft Windows kernel multiple security vulnerabilities
updated since 10.08.2010
|
| | Memory corruptions, privilege escalations, DoS. |
| 6! | Microsoft Windows shortcuts code execution
|
| | Code execution on shortcut icon displaying. |
| | Microsoft ClickOnce technology insufficient security
|
| | Installation of unsigned elements is allowed. |
| 7! | Microsoft Windows Canonical Display integer overflow
|
| | Integer overflow on image displaying. |
| | Microsoft Windows CHM files protection bypass
|
| | It's possible to bypass CHM file locking protection for file downloaded from Internet. |
| 6! | Microsoft Windows win32k privilege escalation
updated since 08.06.2010
|
| | Multiple memory corruptions. |
| 6! | Microsoft .Net XML signing protection bypass
|
| | Only part of signature is compared in case of incomplete HMAC. |
| 6! | Microsoft Windows OpenType Compact Font Format driver memory corruption
|
| | Memory corruption on IOCTL processing. |
| | Microsoft IIS memory corruption
|
| | Memory corruption if Extended Protection for Authentication is enabled. |
| 7! | Code execution with multiple ActiveX components in Microsoft Windows
updated since 08.06.2010 |
| | | |
| 7! | Microsoft Windows media files parsing memroy corruption
|
| | Memory corruption on JPEG / MJPEG parsing. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
|
| | Crossite scripting, information leakage, multiple memory corruptions. |
| | Multiple browsers DoS
updated since 20.05.2010
|
| | Mail program compose message window is created for avery frame with mailto:, news:, nntp:, etc URI. |
| | Microsoft Internet Explorer information leak
|
| | It's possible to access external UNC location via ICMFilter option, leaking authentication information. |
| | Microsoft Windows Mail / Outlook Express integer overflow
|
| | Integer overflow on POP3 or IMAP server reply parsing. |
| | Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS
|
| | Large buffer within <marquee> tag causes browser to crash. |
| 7! | Microsoft SMB client multiple security vulnerabilities
updated since 10.02.2010
|
| | Memory corruptions, race conditions. |
| 6! | Microsoft Windows kernel multiple privilege escalations
|
| | Multiple DoS conditions, race conditions, memory corruptions. |
| 8! | Microsoft Windows file signature spoofing
|
| | Signature spoofing in PE and CAB files. |
| 8! | Microsoft Internet Explorer memory corruption
|
| | Memory corruption on XML/HTML processing. |
| | Microsoft Virtual PC protection bypass
|
| | Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system. |
| 6! | Microsoft Windows kernel privilege escalation
|
| | Double free() vulnerability, exception handler vulnerability. |
| 6! | Microsoft DirectShow buffer overflow
|
| | Buffer overflow on AVI parsing. |
| 7! | Microsoft Windows SMB server multiple security vulnerabilities
|
| | Memory corruptions, buffer overflow, DoS conditions, cryptography weakness. |
| 7! | Microsoft Data Analyzer ActiveX Control memory corruption |
| | | |
| 8! | Microsoft Internet Explorer information leak
|
| | It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag. |
| 8! | Microsoft Internet Explorer Multiple security vulnerabilities
updated since 19.01.2010
|
| | 0-day use-after-free vulnerability on createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement">
<img src=. onerror="ev=createEventObject(event); outerHTML++">,
Multiple memory corruptions.
|
| 6! | Microsoft IIS protection bypass
|
| | It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009
|
| | Multiple memory corruptions, code execution. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.10.2009
|
| | Multiple memory corruptions. |
| 8! | Microsoft .Net multiple security vulnerabilities
|
| | Multiple vulnerabilities allow escape from sandbox environment. |
| 6! | Microsoft CryptoAPI certificate spoofing
|
| | Certificate name spoofing with NULL byte. |
| 9! | Microsoft Windows (including Windows 7) SMB2 array index overflow
updated since 08.09.2009
|
| | Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing |
| 6! | Microsoft Windows LSA DoS
|
| | Crash on NTLM authentication parsing. |
| | |
