Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 7
Subscriptions
Total
3090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0263 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2025-04-11 | N/A |
| The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability." | ||||
| CVE-2010-0245 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246. | ||||
| CVE-2010-0250 | 1 Microsoft | 4 Windows 7, Windows Server 2008, Windows Vista and 1 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." | ||||
| CVE-2013-1339 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2025-04-11 | N/A |
| The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability." | ||||
| CVE-2010-0269 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." | ||||
| CVE-2013-1712 | 2 Microsoft, Mozilla | 7 Windows 7, Windows 8, Windows Server 2008 and 4 more | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. | ||||
| CVE-2012-0011 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | ||||
| CVE-2010-0490 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2010-0492 | 1 Microsoft | 8 Ie, Internet Explorer, Windows 2003 Server and 5 more | 2025-04-11 | 8.1 High |
| Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | ||||
| CVE-2010-0528 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2025-04-11 | N/A |
| Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value. | ||||
| CVE-2010-0811 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." | ||||
| CVE-2010-1384 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Safari and 3 more | 2025-04-11 | N/A |
| Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | ||||
| CVE-2013-2553 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912. | ||||
| CVE-2013-2554 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | N/A |
| Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787. | ||||
| CVE-2010-1412 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events. | ||||
| CVE-2013-3154 | 1 Microsoft | 3 Windows 7, Windows Defender, Windows Server 2008 | 2025-04-11 | N/A |
| The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability." | ||||
| CVE-2013-3138 | 1 Microsoft | 5 Windows 7, Windows 8, Windows Rt and 2 more | 2025-04-11 | N/A |
| Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability." | ||||
| CVE-2013-3186 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2025-04-11 | N/A |
| The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka IL) protection mechanism, which allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process, aka "Process Integrity Level Assignment Vulnerability." | ||||
| CVE-2010-1782 | 3 Apple, Microsoft, Redhat | 8 Mac Os X, Mac Os X Server, Safari and 5 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element. | ||||
| CVE-2013-3888 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 8.4 High |
| dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." | ||||