Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_7
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2367 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-12 | CVE-2019-0986 | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 6.3 | ||
| 2019-06-12 | CVE-2019-0985 | A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language. The update address the vulnerability by modifying how the... | Windows_7, Windows_server_2008 | 7.8 | ||
| 2019-06-12 | CVE-2019-1010 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 4.7 | ||
| 2019-06-12 | CVE-2019-1009 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_7, Windows_server_2008 | 4.7 | ||
| 2019-06-12 | CVE-2019-1012 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 4.7 | ||
| 2019-06-12 | CVE-2019-1011 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_7, Windows_server_2008 | 4.7 | ||
| 2019-06-12 | CVE-2019-1014 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.0 | ||
| 2019-06-12 | CVE-2019-1013 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_7, Windows_server_2008 | 4.7 | ||
| 2019-06-12 | CVE-2019-1017 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that... | Windows_10, Windows_7, Windows_8\.1, Windows_rt_8\.1, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019 | 7.0 | ||
| 2019-06-12 | CVE-2019-1015 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by... | Windows_7, Windows_server_2008, Windows_server_2012 | 4.7 |