| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." |
| Windows Address Book Remote Code Execution Vulnerability |
| .NET Framework Remote Code Execution Vulnerability |
| Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. |
| Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. |
| Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |
| Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
| External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. |
| Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
