Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-15 | CVE-2012-1853 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability." | 10.0 |
| 2012-08-15 | CVE-2012-1852 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability." | 10.0 |
| 2012-08-15 | CVE-2012-1526 | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." | 9.3 |
| 2012-08-06 | CVE-2012-4145 | Unspecified vulnerability in Opera Browser Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." | 10.0 |
| 2012-06-29 | CVE-2012-2015 | Unspecified vulnerability in HP System Management Homepage Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. | 9.0 |
| 2012-06-29 | CVE-2012-2014 | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. | 9.0 |
| 2012-06-29 | CVE-2012-2012 | Unspecified vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 10.0 |
| 2012-06-20 | CVE-2012-2493 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. | 9.3 |
| 2012-06-12 | CVE-2012-1849 | Unspecified vulnerability in Microsoft Lync 2010 Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 AV:N per "How could an attacker exploit the vulnerability? An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. | 9.3 |
| 2012-05-21 | CVE-2012-2376 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. | 10.0 |