Microsoft Windows 10 Version 1507 vulnerabilities

CVE-2019-1155 [HIGH] CVE-2019-1155: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-1149 [HIGH] CWE-787 CVE-2019-1149: A remote code execution vulnerability exists when the Windows font library improperly handles specia A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whos

CVE-2019-1157 [HIGH] CWE-94 CVE-2019-1157: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vuln

CVE-2019-1146 [HIGH] CVE-2019-1146: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili

CVE-2019-0718 [MEDIUM] CWE-20 CVE-2019-0718: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account

CVE-2019-1158 [MEDIUM] CWE-200 CVE-2019-1158: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open

CVE-2019-1078 [MEDIUM] CWE-200 CVE-2019-1078: An information disclosure vulnerability exists when the Windows Graphics component improperly handle An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a specially crafted application. The u

CVE-2019-0723 [MEDIUM] CWE-20 CVE-2019-0723: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account

CVE-2019-1187 [MEDIUM] CWE-611 CVE-2019-1187: A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XM A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an XML application

CVE-2019-0716 [MEDIUM] CVE-2019-0716: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attac A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an

CVE-2019-0715 [MEDIUM] CWE-20 CVE-2019-0715: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account

CVE-2019-1143 [MEDIUM] CWE-200 CVE-2019-1143: An information disclosure vulnerability exists when the Windows GDI component improperly discloses t An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open

CVE-2019-0714 [MEDIUM] CWE-20 CVE-2019-0714: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account

CVE-2019-1172 [MEDIUM] CWE-200 CVE-2019-1172: An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MS An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would have to trick a user into browsing to a specially crafted website, allowing t

CVE-2019-1163 [MEDIUM] CWE-354 CVE-2019-1163: A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convi

CVE-2019-1153 [MEDIUM] CWE-125 CVE-2019-1153: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component imprope An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a spe

CVE-2019-1148 [MEDIUM] CWE-125 CVE-2019-1148: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component imprope An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a spe

CVE-2019-1198 [MEDIUM] CVE-2019-1198: An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the v An elevation of privilege exists in SyncController.dll. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. Howev

CVE-2019-1014 [HIGH] CVE-2019-1014: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vul

CVE-2019-0907 [HIGH] CVE-2019-0907: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerabili