CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-8504 19 Exec Code 2018-10-10 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 365 ProPlus, Microsoft Office, Microsoft Word.
2 CVE-2018-8502 19 Exec Code 2018-10-10 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.
3 CVE-2018-8501 19 Exec Code 2018-10-10 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint.
4 CVE-2018-8500 119 Exec Code Overflow Mem. Corr. 2018-10-10 2018-11-26
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore.
5 CVE-2018-8494 611 Exec Code 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
6 CVE-2018-8464 119 Exec Code Overflow 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.
7 CVE-2018-8432 119 Exec Code Overflow 2018-10-10 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008.
8 CVE-2018-8430 284 Exec Code 2018-09-12 2018-11-16
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.
9 CVE-2018-8423 20 Exec Code 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
10 CVE-2018-8421 20 Exec Code 2018-09-12 2018-11-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.
11 CVE-2018-8420 611 Exec Code 2018-09-12 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
12 CVE-2018-8414 20 Exec Code 2018-08-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
13 CVE-2018-8413 20 Exec Code 2018-10-10 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
14 CVE-2018-8397 119 Exec Code Overflow 2018-08-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
15 CVE-2018-8393 119 Exec Code Overflow 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392.
16 CVE-2018-8392 119 Exec Code Overflow 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.
17 CVE-2018-8379 119 Exec Code Overflow 2018-08-15 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.
18 CVE-2018-8376 119 Exec Code Overflow 2018-08-15 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
19 CVE-2018-8375 119 Exec Code Overflow 2018-08-15 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.
20 CVE-2018-8350 119 Exec Code Overflow 2018-08-15 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
21 CVE-2018-8349 502 Exec Code 2018-08-15 2018-09-10
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
22 CVE-2018-8346 94 Exec Code 2018-08-15 2018-10-18
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.
23 CVE-2018-8344 94 Exec Code 2018-08-15 2018-09-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
24 CVE-2018-8332 264 Exec Code 2018-09-12 2018-11-16
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
25 CVE-2018-8331 119 Exec Code Overflow 2018-09-12 2018-11-16
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
26 CVE-2018-8312 119 Exec Code Overflow 2018-07-10 2018-09-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
27 CVE-2018-8302 119 Exec Code Overflow Mem. Corr. 2018-08-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
28 CVE-2018-8284 20 Exec Code 2018-07-10 2018-09-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
29 CVE-2018-8281 119 Exec Code Overflow 2018-07-10 2018-09-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.
30 CVE-2018-8273 119 Exec Code Overflow 2018-08-15 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
31 CVE-2018-8265 284 Exec Code 2018-10-10 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
32 CVE-2018-8248 19 Exec Code 2018-06-14 2018-08-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
33 CVE-2018-8238 254 Bypass 2018-07-10 2018-09-06
9.3
None Remote Medium Not required Complete Complete Complete
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
34 CVE-2018-8231 19 Exec Code 2018-06-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
35 CVE-2018-8225 284 Exec Code 2018-06-14 2018-06-18
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
36 CVE-2018-8176 20 Exec Code 2018-05-23 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.
37 CVE-2018-8173 119 Exec Code Overflow 2018-05-09 2018-06-06
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory, aka "Microsoft InfoPath Remote Code Execution Vulnerability." This affects Microsoft Infopath.
38 CVE-2018-8172 20 Exec Code 2018-07-10 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
39 CVE-2018-8162 119 Exec Code Overflow 2018-05-09 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.
40 CVE-2018-8161 119 Exec Code Overflow 2018-05-09 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Word, Word, Microsoft Office, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8157, CVE-2018-8158.
41 CVE-2018-8158 119 Exec Code Overflow 2018-05-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.
42 CVE-2018-8157 119 Exec Code Overflow 2018-05-09 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8158, CVE-2018-8161.
43 CVE-2018-8154 119 Exec Code Overflow Mem. Corr. 2018-05-09 2018-06-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
44 CVE-2018-8148 119 Exec Code Overflow 2018-05-09 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
45 CVE-2018-8147 119 Exec Code Overflow 2018-05-09 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
46 CVE-2018-8136 119 Exec Code Overflow 2018-05-09 2018-06-13
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
47 CVE-2018-1030 19 Exec Code 2018-04-11 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.
48 CVE-2018-1029 119 Exec Code Overflow 2018-04-11 2018-05-15
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.
49 CVE-2018-1028 94 Exec Code 2018-04-11 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.
50 CVE-2018-1027 119 Exec Code Overflow 2018-04-11 2018-05-15
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029.
Total number of vulnerabilities : 2085   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.