Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2016-12-20 CVE-2016-7263 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel for mac 2011/2016
Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-12-20 CVE-2016-7262 Unspecified vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
local
low complexity
microsoft
7.8
2016-12-20 CVE-2016-7260 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-12-20 CVE-2016-7259 Data Processing Errors vulnerability in Microsoft products
The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-19
7.8
2016-12-20 CVE-2016-7258 Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-12-20 CVE-2016-7257 Information Exposure vulnerability in Microsoft products
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
6.5
2016-12-20 CVE-2016-7219 Information Exposure vulnerability in Microsoft products
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.5
2016-12-20 CVE-2016-7206 Cross-site Scripting vulnerability in Microsoft Edge
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
network
low complexity
microsoft CWE-79
6.1
2016-12-20 CVE-2016-7181 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
7.5
2016-11-10 CVE-2016-7256 Unspecified vulnerability in Microsoft products
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
network
low complexity
microsoft
8.8