Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-26 | CVE-2017-0037 | Type Confusion vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 8.1 |
| 2017-01-23 | CVE-2016-5720 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | 7.8 |
| 2017-01-10 | CVE-2017-0004 | Improper Input Validation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | 7.5 |
| 2017-01-10 | CVE-2017-0003 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Sharepoint Enterprise Server and Word Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 7.8 |
| 2017-01-10 | CVE-2017-0002 | Unspecified vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | 8.8 |
| 2016-12-20 | CVE-2016-7300 | Untrusted Search Path vulnerability in Microsoft Auto Updater for mac Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | 7.8 |
| 2016-12-20 | CVE-2016-7298 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office and Word Viewer Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | 7.8 |
| 2016-12-20 | CVE-2016-7297 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. | 7.5 |
| 2016-12-20 | CVE-2016-7296 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. | 7.5 |
| 2016-12-20 | CVE-2016-7292 | Data Processing Errors vulnerability in Microsoft products The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." | 7.8 |