Computer Security
[EN] securityvulns.ru
no-pyccku

  

See also
  MICROSOFT : Windows Essentials 2012
  MICROSOFT : Windows Essentials 2011
  MICROSOFT : Windows 2012 Server
  MICROSOFT : Windows RT
  MICROSOFT : Windows 2012 Server
  MICROSOFT : Windows 8
  MICROSOFT : Windows SharePoint Services 3.0
  MAPTOOLS : Mapserver for Windows 3.0
  MICROSOFT : Windows 2008 Server_
  MICROSOFT : Windows 2000
  MICROSOFT : Windows Messenger 4.7
  MICROSOFT : Windows 2008 Server
  MICROSOFT : Windows Windows 2008 Server
  MICROSOFT : Windows Windows 2003 Server
  MICROSOFT : Windows 2008 Server
Name:MICROSOFT : Windows 7

9!Microsoft Windows multiple security vulnerabilities
document Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation.
7!Microsoft Windows multiple security vulnerabilities
document Windows Media Center use-after-free, drivers privilege escalation, .Net restriction bypass and DoS, LRPC restriction bypass, Windows Installer service privilege escalation, Internet Explorer multiple security vulnerabilities, Task Scheduler privilege escalation.
8!Microsoft Windows multiple security vulnerabilities
updated since 14.07.2014
document RDP weak encryption, TCP DoS, XML libraries information leakage, graphics libraries memory corruptions, Windows Journal memory corruptions, virtual keyboard privilege escalation, ADF privilege escalation, DirectoShow privilege escalation, Microsoft Service Bus DoS, multiple Internet Explorer vulnerabilities.
7!Microsoft Windows multiple security vulnerabilities
document Windows File Handling code execution, Group Policy Preferences privileges escalation. .Net privileges escalation. Windows Shell privileges escalation. iSCSI DoS.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
9!Microsoft Internet Explorer use-after-free vulnerability
document VGX.DLL use-after-free vulnerability is actively exploitd in-the-wild.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.02.2014
document Multiple memory corruptions, crossite access, privilege escalation.
8!Microsoft Windows multiple security vulnerabilities
document DirectShow memory corruptions, SilverLight restrictions bypass, SAMR restrictions bypass, kernel mode drivers privilege escalations.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
8!Microsoft Windows multiple security vulnerabilities
document XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution.
6!Microsoft Windows security vulnerabilities
document Privilege escalations via NDProxy and win32k.
9!Microsoft Windows multiple security vulnerabilities
updated since 16.12.2013
document Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruption and privilege escalations.
8!Microsoft Windows multiple security vulnerabilities
document GDI integer overflow, InformationCardSigninHelper ActiveX code execution, AFD driver information leak, X.509 certificates DoS, Hyper-V privilege escalation.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple information leaks and memory corruptions.
8!Microsoft Windows multiple security vulnerabilities
updated since 09.10.2013
document .Net code execution, comctl32.dll integer overflow.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruption.
8!Microsoft Windows multiple security vulnerabilities
document OLE code execution, Windows Theme files code execution, kernel mode drivers privilege escalation, SCM privilege escalation, Acrive Directory DoS.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
8!Microsoft Windows multiple security vulnerabilities
updated since 14.08.2013
document Unicode Scripts Processor memory corruption, RPC privilege escalation, kernel protection bypass and memory corruptions, IPv6 and NAT DoS.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 14.08.2013
document Protection bypass, crossite scripting, memory corruptions.
9!Microsoft Windows multiple security vulnerabilities
updated since 10.07.2013
document Multiple vulnerabilities in .Net and Silverlight, multiple kernel components vulnerabilities, GDI+ TrueType parsing memory corruption, DirectShow memory corruption, VMW parsing memory corruption, multiple Internet Explorer memory corruption, Windows Defender privilege escalation.
 Microsoft Windows information leakage
document It's possible to recover administrator's password used during system installation.
7!Microsoft Windows multiple security vulnerabilities
document Kernel information leakage, drivers DoS, print spooler privilege escalation.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
7!Microsoft Windows multiple security vulnerabilities
document http.sys DoS, multiple kernel privilege escalations, .Net signature spoofing and authorization bypass.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Information leakage, multiple use-after-free vulnerabilities
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.04.2013
document Use-after-free vulnerabilities.
 Microsoft Active Directory DoS
document Memory exhaustion.
7!Microsoft Windows multiple security vulnerabilities
document Multiple privilege escalations in kernel, CSRSS and drivers.
7!Microsoft Remote Desktop Connection Client ActiveX code execution
document Use-after-free in ActiveX
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.03.2013
document Multiple use-after-free vulnerabilities.
 Microsoft Windows USB devices privilege escalation
updated since 13.03.2013
document Few different vulnerabilities on USB device plugging with ability of code execution.
8!Microsoft Windows multiple security vulnerabilities
updated since 14.02.2013
document Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Information leakage, multiple use-after-free vulnerabilities, VML memory corruption.
8!Microsoft Internet Explorer use-after-free vulnerabilities
document Use-after-free vulnerability in CButton is actively used in-the-wild.
8!Microsoft Windows multiple security vulnerabilities
document Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS.
 Microsoft Internet Explorer stack overflow
document Stack overrun on malformed tags sequence.
9!Microsoft Windows multiple security vulnerabilities
document Buffer overflow on OpenType and TrueType fonts parsing, memory corruption on filname handling, DirectPlay buffer overflow, DirectAccess IP-HTTPS insufficient certificate check.
7!Microsoft Internet Explorer multiple security vulnerabilities
document Few use-after-free vulnerabilities.
 Internet Explorer information leakage
document Page can track any mouse movements, even behind the page.
 Microsoft Internet Information Services security vulnerabilities
document log files information leakage, FTP STARTTLS session command injection.
8!Microsoft Windows security vulnerabilities
document Windows Briefacese integer overflows, .Net protection bypass, information leakage and code execution, kernel drivers privilege escalations.
7!Microsoft Internet Explorer multiple security vulnerabilities
document Few different use-after-free vulnerabilities.
9!Microsoft Internet Explorer memory corruption
updated since 19.09.2012
document Use-after-free vulnereability is actively used in-the-wild to install malware.
7!Microsoft Windows kernel integer overflow
document Kernel integer overflow leads to privilege escalation.
6!Microsoft Windows kerberos server DoS
document NULL pointer dereference on authentication request.
9!Microsoft Windows multiple security vulnerabilities
updated since 11.07.2012
document Microsoft XML Services memory corruption, ADO memory corruption, kernel drivers vulnerabilities, Window Shell command injection, TLS vulnerabilities
8!Microsoft Internet Explorer multiple security vulnerabilities
document Memory corruptions, integer overflow, function pointer corruption.
9!Microsoft Windows multiple security vulnerabilities
updated since 09.05.2012
document TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabililities in .Net, Silverlight, font management, GDI+, window components, etc.
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.06.2012
document Multiple memory corruptions, code executions, information leakage.
6!Microsoft IIS protection bypass
document Password protection bypass, script files content access.
8!Microsoft Remote Desktop memory corruption
document Memory corruption on RDP packets processing.
 Opera / Mozilla / Internet Explorer DoS
updated since 12.02.2010
document Large number of nested tags leads to buffer overflow.
7!Microsoft Windows multiple security vulnerabilities
updated since 11.04.2012
document MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 11.04.2012
document Multple vulnerabilities allow remote code execution.
9!Microsoft .Net multiple security vulnerabilities
updated since 02.01.2012
document DoS, multiple vulnerabilities in forms authentication.
8!Microsoft Windows multiple security vulnerabilities
document Kernel drivers privileges escalation, DirectWrite API DoS, RDP memory corruption and DoS.
9!Microsoft Windows multiple security vulnerabilities
updated since 15.02.2012
document GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.02.2012
document Code execution, information leakage.
7!Microsoft Windows multiple security vulnerabilities
updated since 11.01.2012
document SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage.
6!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2011
document Information leakage, insecure library loading.
9!Microsoft Windows multiple security vulnerabilities
updated since 15.12.2011
document Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution.
9!Microsoft Windows win32k.sys memory corruption
document Integer overflow on the frame with large height.
6!Microsoft Windows multiple applications DLL hijacking
updated since 26.08.2010
document If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory.
 Microsoft Windows Media memory corruption
document Memory corruption on .dvr-ms files parsing.
 Microsoft Windows DoS
document Crash on TTF fonts parsing.
10!Microsoft Windows kernel UDP processing integer overflow
document Integer overflow leads to code execution via the flow of UDP packets to closed port.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.10.2011
document Multiple memory corruptions with code execution.
6!Microsoft .Net / Silverlight code execution
document It's possible to escape from sandbox.
7!Microsoft Windows multiple security vulnerabilities
document Active Accessibility and Media Center insecure DLL loading
6!DigiNotar fraudulent certificates
updated since 01.09.2011
document Well known domain names certificates were issued to untrusted party.
 Microsoft Windows DHCPv6 DoS
document RPC crashes on DHCP reply with empty Domain Search List.
8!Microsoft Windows multiple security vulnerabilities
document NDISTAPI service and CSRSS privilege escalations, kernel DoS, TCP/IP DoS, RDP DoS, .Net information disclosure.
9!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions, crossite data access, code execution.
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.06.2011
document mhtml handler cross application scripting, VML processor memory corruption, multiple internet explorer memory corruptions, information leakage.
7!Microsoft Windows multiple security vulnerabilities
document Uninitialized memory reference in Bluetooth stack, multiple memory handling vulnerabilities in Windows kernel, multiple privilege escalations in CSRSS.
8!Microsoft Windows multiple security vulnerabilities
updated since 15.06.2011
document Buffer overflow on WMF files parsing. Uninitialized pointers on OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation.
8!Microsoft .Net Framework multiple security vulnerabilities
document Array index overflow, JIT compiler code execution.
9!Microsoft Windows multiple security vulnerabilities
updated since 13.04.2011
document SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stack overflow in OpenType fonts parsing, multiple drivers vulnerabilities.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.04.2011
document Multiple memory corruptions and information leaks.
 Multiple systems ICMPv6 flood DoS
document router announcement packets flood resourceds exhaustion
 Windows help system buffer overflow
document Buffer overflow on CHM files parsing.
6!Multiple ActiveX components security vulnerabilities
document kill bit update for multiple components of different vendors.
6!Microsoft Windows multiple security vulnerabilities
document Unsafe library loading, code execution with .dvr-ms files.
6!Microsoft Windows application policy bypass
document It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro.
8!Microsoft Windows multiple security vulnerabilities
updated since 08.02.2011
document Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak.
8!Microsoft Internet Explorer multiple security vulnerabilities
updated since 08.02.2011
document Multiple memory corruptions, unsafe DLL loading.
9!Microsoft IIS FTP Server buffer overflow
document Heap buffer overflow.
 Microsoft Fax Cover Page Editor double free vulnerability
document Double free vulnerability on .cov files parsing.
 Microsoft ADO security vulnerabilities
document Buffer overflow, memory corruption.
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2010
document Crossite data access, multiple memory corruptions.
9!Microsoft Windows multiple security vulnerabilities
document OpenType Font parsing memory corruption, task scheduler privilege escalation, usafe DLL loading, multiple kernel vulnerabilities, Consent User Interface privilege escalation, Netlogon DoS.
 Microsoft Windows hidden administrative group membership
document It's possible to include user's account into administrative group without direct group membership.
6!Microsoft Windows Wordpad / Windows Shell code execution
document Code execution via embedded COM object.
 Windows Media Player memory corruption
document Memory corruption if page with WMP ActiveX is reloaded.
6!Media Player Network Sharing memory corruption
document Use-after-free vulneraebility on RTSP request parsing.
6!Microsoft Sharepoint SafeHTML crossite scripting
document Few crossite scripting possibilities.
9!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions, cross domain information disclosure.
9!Microsoft Windows multiple security vulnerabilities
document Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS.
9!Microsoft Internet Information Services multiple security vulnerabilities
document Authentication bypass, buffer overflow, DoS.
9!Microsoft Windows multiple security vulnerabilities
updated since 15.09.2010
document Privilege escalation and code execution in spooler services,memory corruption in MPEG-4 codec, memroy corruption in RPC, privilege escalation in LSA, privilege escalation in CSRSS subsystem, WordPad memory corruption.
 Multiple browsers certificates validation weakness
document Wildmasks in certificates issued to IP address are enabled.
6!Microsoft Windows Kerberos tickets spoofing
document It's possible to logon with any account by manipulating network traffic.
7!Microsoft .Net and Silverlight security vulnerabilities
document Memory corruption, code execution.
 Microsoft Windows Tracing Feature for Services security vulnerabilities
document Weak permissions on registry keys, buffer overflow on registry keys reading.
6!Microsoft Windows TCP/IP stack security vulnerabilities
document DoS, privilege escalation.
 Microsoft Windows Cinepak codec memory corruption
document Memory corruption on data decompression.
7!Microsoft Windows SMB/CIFS service multiple security vulnerabilities
document Buffer overflow, privilege escalation, DoS.
9!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions, crossite access.
8!Microsoft XML Core Services memory corruption
document Memory corruption on server's response pasrsing in XMLHTTP.
6!Microsoft Windows kernel multiple security vulnerabilities
updated since 10.08.2010
document Memory corruptions, privilege escalations, DoS.
6!Microsoft Windows shortcuts code execution
document Code execution on shortcut icon displaying.
 Microsoft ClickOnce technology insufficient security
document Installation of unsigned elements is allowed.
7!Microsoft Windows Canonical Display integer overflow
document Integer overflow on image displaying.
 Microsoft Windows CHM files protection bypass
document It's possible to bypass CHM file locking protection for file downloaded from Internet.
6!Microsoft Windows win32k privilege escalation
updated since 08.06.2010
document Multiple memory corruptions.
6!Microsoft .Net XML signing protection bypass
document Only part of signature is compared in case of incomplete HMAC.
6!Microsoft Windows OpenType Compact Font Format driver memory corruption
document Memory corruption on IOCTL processing.
 Microsoft IIS memory corruption
document Memory corruption if Extended Protection for Authentication is enabled.
7!Code execution with multiple ActiveX components in Microsoft Windows
updated since 08.06.2010
   
7!Microsoft Windows media files parsing memroy corruption
document Memory corruption on JPEG / MJPEG parsing.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Crossite scripting, information leakage, multiple memory corruptions.
 Multiple browsers DoS
updated since 20.05.2010
document Mail program compose message window is created for avery frame with mailto:, news:, nntp:, etc URI.
 Microsoft Internet Explorer information leak
document It's possible to access external UNC location via ICMFilter option, leaking authentication information.
 Microsoft Windows Mail / Outlook Express integer overflow
document Integer overflow on POP3 or IMAP server reply parsing.
 Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS
document Large buffer within <marquee> tag causes browser to crash.
7!Microsoft SMB client multiple security vulnerabilities
updated since 10.02.2010
document Memory corruptions, race conditions.
6!Microsoft Windows kernel multiple privilege escalations
document Multiple DoS conditions, race conditions, memory corruptions.
8!Microsoft Windows file signature spoofing
document Signature spoofing in PE and CAB files.
8!Microsoft Internet Explorer memory corruption
document Memory corruption on XML/HTML processing.
 Microsoft Virtual PC protection bypass
document Invalid memory regions protection for memory >2GB allows to bypass Windows memory protection techniques for guest system.
6!Microsoft Windows kernel privilege escalation
document Double free() vulnerability, exception handler vulnerability.
6!Microsoft DirectShow buffer overflow
document Buffer overflow on AVI parsing.
7!Microsoft Windows SMB server multiple security vulnerabilities
document Memory corruptions, buffer overflow, DoS conditions, cryptography weakness.
7!Microsoft Data Analyzer ActiveX Control memory corruption
   
8!Microsoft Internet Explorer information leak
document It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag.
8!Microsoft Internet Explorer Multiple security vulnerabilities
updated since 19.01.2010
document 0-day use-after-free vulnerability on createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement"> <img src=. onerror="ev=createEventObject(event); outerHTML++">, Multiple memory corruptions.
6!Microsoft IIS protection bypass
document It's possible to bypass 3rd party upload protection by file extension, because part of filename after semicolon is ingored then detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file.
9!Microsoft Internet Explorer multiple security vulnerabilities
updated since 09.12.2009
document Multiple memory corruptions, code execution.
7!Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.10.2009
document Multiple memory corruptions.
8!Microsoft .Net multiple security vulnerabilities
document Multiple vulnerabilities allow escape from sandbox environment.
6!Microsoft CryptoAPI certificate spoofing
document Certificate name spoofing with NULL byte.
9!Microsoft Windows (including Windows 7) SMB2 array index overflow
updated since 08.09.2009
document Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing
6!Microsoft Windows LSA DoS
document Crash on NTLM authentication parsing.
                    

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru