Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-5720 Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.
local
low complexity
microsoft CWE-264
7.8
2017-01-10 CVE-2017-0004 Improper Input Validation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
7.5
2017-01-10 CVE-2017-0003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Sharepoint Enterprise Server and Word
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2017-01-10 CVE-2017-0002 Unspecified vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
network
low complexity
microsoft
8.8
2016-12-20 CVE-2016-7300 Untrusted Search Path vulnerability in Microsoft Auto Updater for mac
Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-426
7.8
2016-12-20 CVE-2016-7298 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office and Word Viewer
Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-12-20 CVE-2016-7297 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296.
network
high complexity
microsoft CWE-119
7.5
2016-12-20 CVE-2016-7296 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297.
network
high complexity
microsoft CWE-119
7.5
2016-12-20 CVE-2016-7295 Information Exposure vulnerability in Microsoft products
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-12-20 CVE-2016-7292 Data Processing Errors vulnerability in Microsoft products
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-19
7.8