Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-10 | CVE-2019-1468 | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 9.3 |
| 2019-12-10 | CVE-2019-1462 | Use of Uninitialized Resource vulnerability in Microsoft Office, Office 365 Proplus and Powerpoint A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | 9.3 |
| 2019-11-12 | CVE-2019-1449 | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM.To exploit this bug, an attacker would have to run a specially crafted file, aka 'Microsoft Office ClickToRun Security Feature Bypass Vulnerability'. | 10.0 |
| 2019-11-12 | CVE-2019-1448 | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 9.3 |
| 2019-11-12 | CVE-2019-1441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 7 and Windows Server 2008 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 9.3 |
| 2019-11-12 | CVE-2019-1430 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'. | 9.3 |
| 2019-11-12 | CVE-2019-1406 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 9.3 |
| 2019-11-12 | CVE-2019-0721 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.0 |
| 2019-11-12 | CVE-2019-0719 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. | 9.0 |
| 2019-10-10 | CVE-2019-1372 | Unspecified vulnerability in Microsoft Azure APP Service ON Azure Stack An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'. | 10.0 |