Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-16 | CVE-2016-3227 | Unspecified vulnerability in Microsoft Windows Server 2012 R2 Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." | 9.8 |
2016-04-12 | CVE-2016-0088 | Improper Access Control vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." | 9.3 |
2016-03-09 | CVE-2016-0132 | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass." | 9.8 |
2016-01-13 | CVE-2016-0003 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." | 9.6 |
2015-02-02 | CVE-2015-0313 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | 9.8 |
2015-01-23 | CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | 9.8 |
2014-04-27 | CVE-2014-1776 | Use After Free vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. | 9.8 |
2011-06-16 | CVE-2011-1889 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Forefront Threat Management Gateway 2010 The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability." | 9.8 |
2008-01-16 | CVE-2008-0081 | Use of Uninitialized Resource vulnerability in Microsoft Excel, Excel Viewer and Office Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | 9.8 |
2004-11-03 | CVE-2004-0847 | Path Traversal vulnerability in Microsoft Asp.Net 1.0/1.1 The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | 9.8 |