Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-10 CVE-2016-0053 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
7.8
2016-02-10 CVE-2016-0052 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0022.
local
low complexity
microsoft CWE-119
7.8
7.8
2016-02-10 CVE-2016-0051 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
7.8
2016-02-10 CVE-2016-0048 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
7.8
2016-02-10 CVE-2016-0047 Information Exposure vulnerability in Microsoft .Net Framework
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
7.5
7.5
2016-02-10 CVE-2016-0046 Improper Input Validation vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012
Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
local
low complexity
microsoft CWE-20
7.8
7.8
2016-02-10 CVE-2016-0044 Improper Input Validation vulnerability in Microsoft Windows 8.1, Windows RT 8.1 and Windows Server 2012
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
7.5
7.5
2016-02-10 CVE-2016-0042 Unspecified vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."
local
low complexity
microsoft
7.8
7.8
2016-02-10 CVE-2016-0041 Unspecified vulnerability in Microsoft products
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
local
low complexity
microsoft
7.8
7.8
2016-02-10 CVE-2016-0040 Unspecified vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
local
low complexity
microsoft
7.8
7.8