Vulnerabilities > Microsoft > Windows > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-08-15 CVE-2012-1525 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe apple microsoft CWE-119
critical
10.0
2012-08-06 CVE-2012-4145 Unspecified vulnerability in Opera Browser
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue."
network
low complexity
opera linux microsoft apple
critical
10.0
2012-06-29 CVE-2012-2015 Unspecified vulnerability in HP System Management Homepage
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors.
network
low complexity
hp linux microsoft
critical
9.0
2012-06-29 CVE-2012-2014 Unspecified vulnerability in HP System Management Homepage
HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors.
network
low complexity
hp linux microsoft
critical
9.0
2012-06-29 CVE-2012-2012 Unspecified vulnerability in HP System Management Homepage
HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
hp linux microsoft
critical
10.0
2012-06-20 CVE-2012-2493 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
network
cisco microsoft apple linux CWE-20
critical
9.3
2012-05-21 CVE-2012-2376 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
network
low complexity
php microsoft CWE-119
critical
10.0
2012-05-16 CVE-2012-0669 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime
Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
network
apple microsoft CWE-119
critical
9.3
2012-05-16 CVE-2012-0667 Numeric Errors vulnerability in Apple Quicktime
Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file.
network
apple microsoft CWE-189
critical
9.3
2012-05-16 CVE-2012-0666 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime
Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object.
network
apple microsoft CWE-119
critical
9.3