Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-08 CVE-2014-4112 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0304.
network
high complexity
microsoft CWE-119
7.5
7.5
2018-02-08 CVE-2014-4066 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806.
network
high complexity
microsoft CWE-119
7.5
7.5
2018-01-22 CVE-2018-0862 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8
2018-01-22 CVE-2018-0849 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8
2018-01-22 CVE-2018-0848 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8
2018-01-22 CVE-2018-0845 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
local
low complexity
microsoft
7.8
7.8
2018-01-10 CVE-2018-0818 Unspecified vulnerability in Microsoft Chakracore
Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".
network
high complexity
microsoft
7.5
7.5
2018-01-10 CVE-2018-0812 Out-of-bounds Write vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".
local
low complexity
microsoft CWE-787
7.8
7.8
2018-01-10 CVE-2018-0807 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8
2018-01-10 CVE-2018-0806 Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability".
network
low complexity
microsoft
8.8
8.8