Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows Vista
Subscriptions
Total
1348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3477 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." | ||||
| CVE-2008-3465 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more | 2025-04-09 | 9.8 Critical |
| Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." | ||||
| CVE-2008-3014 | 1 Microsoft | 14 Digital Image Suite, Forefront Client Security, Internet Explorer and 11 more | 2025-04-09 | N/A |
| Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." | ||||
| CVE-2008-3013 | 1 Microsoft | 13 Digital Image Suite, Forefront Client Security, Internet Explorer and 10 more | 2025-04-09 | N/A |
| gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." | ||||
| CVE-2008-6819 | 1 Microsoft | 2 Windows 2003 Server, Windows Vista | 2025-04-09 | N/A |
| win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-2326 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | N/A |
| mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | ||||
| CVE-2008-1436 | 1 Microsoft | 5 Windows-nt, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | ||||
| CVE-2007-1765 | 2 Avaya, Microsoft | 10 Definity One Media Server, Ip600 Media Servers, S3400 and 7 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. | ||||
| CVE-2007-3091 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more | 2025-04-09 | N/A |
| Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." | ||||
| CVE-2008-5821 | 2 Apple, Microsoft | 2 Safari, Windows Vista | 2025-04-09 | N/A |
| Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | ||||
| CVE-2008-4510 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | N/A |
| Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | ||||
| CVE-2007-3750 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. | ||||
| CVE-2007-1209 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | N/A |
| Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. | ||||
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2025-04-09 | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | ||||
| CVE-2008-2250 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." | ||||
| CVE-2008-2249 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." | ||||
| CVE-2008-2010 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2008-4269 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-09 | N/A |
| The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." | ||||
| CVE-2007-1499 | 1 Microsoft | 3 Ie, Windows Vista, Windows Xp | 2025-04-09 | N/A |
| Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability." | ||||
| CVE-2007-1534 | 1 Microsoft | 1 Windows Vista | 2025-04-09 | N/A |
| DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window. | ||||