| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-7292 | 7.2 |
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which
|
08-05-2019 - 22:03 | 20-12-2016 - 06:59 | |
| CVE-2016-7295 | 2.1 |
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows
|
08-05-2019 - 22:03 | 20-12-2016 - 06:59 | |
| CVE-2016-7275 | 7.2 |
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
|
30-10-2018 - 16:27 | 20-12-2016 - 06:59 | |
| CVE-2016-7257 | 4.3 |
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7278 | 2.6 |
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7276 | 5.8 |
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted docum
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7258 | 2.1 |
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memor
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7283 | 9.3 |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7263 | 9.3 |
Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7289 | 9.3 |
Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7268 | 5.8 |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive in
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7286 | 7.6 |
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7267 | 4.3 |
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7206 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7284 | 4.3 |
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7260 | 7.2 |
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gai
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7300 | 4.6 |
Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7282 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerabilit
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7281 | 2.6 |
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7273 | 9.3 |
The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7291 | 5.8 |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information fro
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7270 | 5.0 |
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key gue
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7277 | 9.3 |
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7219 | 2.1 |
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain s
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7280 | 4.3 |
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7297 | 7.6 |
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7279 | 7.6 |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7274 | 9.3 |
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arb
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7264 | 5.8 |
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a craft
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7290 | 5.8 |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information fro
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7265 | 5.8 |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attacker
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7202 | 7.6 |
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vul
|
12-10-2018 - 22:14 | 10-11-2016 - 06:59 | |
| CVE-2016-7288 | 7.6 |
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7259 | 7.2 |
The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 201
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7298 | 9.3 |
Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memo
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7262 | 6.8 |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a c
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7296 | 7.6 |
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7272 | 9.3 |
The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers t
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7287 | 7.6 |
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7266 | 6.8 |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7271 | 4.6 |
The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7181 | 7.6 |
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
|
12-10-2018 - 22:14 | 20-12-2016 - 06:59 | |
| CVE-2016-7293 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a "generally available" software product. Notes: none.
|
16-02-2017 - 16:59 | 16-02-2017 - 16:59 |