Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-06-16 CVE-2016-3227 Unspecified vulnerability in Microsoft Windows Server 2012 R2
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."
network
low complexity
microsoft
critical
9.8
2016-04-12 CVE-2016-0088 Improper Access Control vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-284
critical
9.3
2016-03-09 CVE-2016-0132 Improper Input Validation vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."
network
low complexity
microsoft CWE-20
critical
9.8
2016-01-13 CVE-2016-0003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
critical
9.6
2015-02-02 CVE-2015-0313 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
network
low complexity
adobe suse opensuse microsoft CWE-416
critical
9.8
2015-01-23 CVE-2015-0311 Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
network
low complexity
adobe suse microsoft
critical
9.8
2014-04-27 CVE-2014-1776 Use After Free vulnerability in Microsoft Internet Explorer
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.
network
low complexity
microsoft CWE-416
critical
9.8
2011-06-16 CVE-2011-1889 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Forefront Threat Management Gateway 2010
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
critical
9.8
2008-01-16 CVE-2008-0081 Use of Uninitialized Resource vulnerability in Microsoft Excel, Excel Viewer and Office
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
network
low complexity
microsoft CWE-908
critical
9.8
2004-11-03 CVE-2004-0847 Path Traversal vulnerability in Microsoft Asp.Net 1.0/1.1
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."
network
low complexity
microsoft CWE-22
critical
9.8