Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-11-10 CVE-2016-7231 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7230 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office web Apps, Powerpoint and Powerpoint Viewer
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7229 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7228 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Excel for mac and Office Compatibility Pack
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-11-10 CVE-2016-7227 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-11-10 CVE-2016-7226 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7225 Improper Access Control vulnerability in Microsoft Windows 10 and Windows Server 2016
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7224 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7223 Improper Access Control vulnerability in Microsoft products
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-284
6.1
2016-11-10 CVE-2016-7222 7PK - Security Features vulnerability in Microsoft Windows 10 and Windows Server 2016
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-254
7.8