This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2014-02-26
Product Windows 8.1 Last view 2020-02-11
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_8.1

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2020-02-11 CVE-2020-0707

An elevation of privilege vulnerability exists when the Windows IME improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows IME Elevation of Privilege Vulnerability'.

5.5 2020-01-14 CVE-2020-0643

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'.

5.5 2020-01-14 CVE-2020-0639

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615.

5.5 2020-01-14 CVE-2020-0615

An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639.

7.5 2020-01-14 CVE-2020-0611

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

5.5 2020-01-14 CVE-2020-0608

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

5.5 2020-01-14 CVE-2020-0607

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

5.5 2019-04-08 CVE-2019-0754

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

7.8 2018-12-11 CVE-2018-8641

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639.

5.5 2018-12-11 CVE-2018-8622

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621.

5.5 2018-12-11 CVE-2018-8514

An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory, aka "Remote Procedure Call runtime Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

5.5 2018-12-11 CVE-2018-8477

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8621, CVE-2018-8622.

5.5 2018-11-13 CVE-2018-8565

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

7.8 2018-11-13 CVE-2018-8485

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561.

7.8 2018-11-13 CVE-2018-8471

An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019.

5.5 2018-10-10 CVE-2018-8486

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

7.8 2018-10-10 CVE-2018-8484

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

3.1 2018-10-10 CVE-2018-8482

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8481.

3.1 2018-10-10 CVE-2018-8481

An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482.

5.5 2018-10-10 CVE-2018-8472

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

7.8 2018-10-10 CVE-2018-8453

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

7.8 2018-10-10 CVE-2018-8423

A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

7.8 2018-10-10 CVE-2018-8413

A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

8.4 2018-09-12 CVE-2018-8439

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965.

7 2018-05-09 CVE-2018-8167

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
34% (104) CWE-200 Information Exposure
16% (49) CWE-264 Permissions, Privileges, and Access Controls
14% (44) CWE-20 Improper Input Validation
10% (32) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (17) CWE-284 Access Control (Authorization) Issues
4% (15) CWE-281 Improper Preservation of Permissions
2% (8) CWE-404 Improper Resource Shutdown or Release
1% (5) CWE-19 Data Handling
1% (4) CWE-254 Security Features
0% (3) CWE-665 Improper Initialization
0% (3) CWE-362 Race Condition
0% (2) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (2) CWE-416 Use After Free
0% (2) CWE-287 Improper Authentication
0% (2) CWE-269 Improper Privilege Management
0% (1) CWE-755 Improper Handling of Exceptional Conditions
0% (1) CWE-610 Externally Controlled Reference to a Resource in Another Sphere
0% (1) CWE-476 NULL Pointer Dereference
0% (1) CWE-415 Double Free
0% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (1) CWE-399 Resource Management Errors
0% (1) CWE-285 Improper Access Control (Authorization)
0% (1) CWE-255 Credentials Management
0% (1) CWE-131 Incorrect Calculation of Buffer Size
0% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

SAINT Exploits

Description Link
Windows RRAS Service Remote Code Execution Vulnerability More info here

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0180 Microsoft Windows Kerberos Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0057571
2014-A-0095 Microsoft Windows Journal Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0052951
2014-B-0093 Microsoft Ancillary Function Driver Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0052955

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-09-24 Microsoft Excel Jet Database Engine code execution attempt
RuleID : 51183 - Type : FILE-OFFICE - Revision : 1
2019-09-24 Microsoft Excel Jet Database Engine code execution attempt
RuleID : 51182 - Type : FILE-OFFICE - Revision : 1
2018-12-14 Microsoft Windows Win32k information disclosure attempt
RuleID : 48394 - Type : OS-WINDOWS - Revision : 1
2018-12-14 Microsoft Windows Win32k information disclosure attempt
RuleID : 48393 - Type : OS-WINDOWS - Revision : 1
2018-11-08 Microsoft Windows win32k.sys privilege escalation attempt
RuleID : 48073 - Type : OS-WINDOWS - Revision : 1
2018-11-08 Microsoft Windows win32k.sys privilege escalation attempt
RuleID : 48072 - Type : OS-WINDOWS - Revision : 1
2018-11-08 Microsoft Windows malformed .themepack Theme API remote code execution attempt
RuleID : 48060 - Type : FILE-OTHER - Revision : 1
2018-11-08 Microsoft Windows malformed .themepack Theme API remote code execution attempt
RuleID : 48059 - Type : FILE-OTHER - Revision : 1
2018-11-06 Microsoft Windows dxgkrnl.sys kernel memory information leak attempt
RuleID : 48048 - Type : OS-WINDOWS - Revision : 1
2018-11-06 Microsoft Windows dxgkrnl.sys kernel memory information leak attempt
RuleID : 48047 - Type : OS-WINDOWS - Revision : 1
2018-10-25 Microsoft Windows JET Database Engine ActiveX clsid access attempt
RuleID : 47888 - Type : BROWSER-PLUGINS - Revision : 4
2018-10-25 Microsoft Windows JET Database Engine ActiveX clsid access attempt
RuleID : 47887 - Type : BROWSER-PLUGINS - Revision : 4
2018-10-25 Microsoft Windows JET Database Engine out-of-bounds write attempt
RuleID : 47886 - Type : FILE-OTHER - Revision : 4
2018-10-25 Microsoft Windows JET Database Engine out-of-bounds write attempt
RuleID : 47885 - Type : FILE-OTHER - Revision : 4
2018-08-16 Microsoft Windows OTF parsing memory corruption attempt
RuleID : 47220 - Type : FILE-OTHER - Revision : 1
2018-08-16 Microsoft Windows OTF parsing memory corruption attempt
RuleID : 47219 - Type : FILE-OTHER - Revision : 1
2018-06-07 Microsoft Windows clfs.sys out of bounds local privilege escalation attempt
RuleID : 46604 - Type : OS-WINDOWS - Revision : 1
2018-06-07 Microsoft Windows clfs.sys out of bounds local privilege escalation attempt
RuleID : 46603 - Type : OS-WINDOWS - Revision : 1
2018-06-07 Microsoft Win32k privilege escalation attempt
RuleID : 46565 - Type : OS-WINDOWS - Revision : 1
2018-06-07 Microsoft Win32k privilege escalation attempt
RuleID : 46564 - Type : OS-WINDOWS - Revision : 1
2018-06-07 Microsoft Win32k privilege escalation attempt
RuleID : 46563 - Type : OS-WINDOWS - Revision : 1
2018-06-07 Microsoft Win32k privilege escalation attempt
RuleID : 46562 - Type : OS-WINDOWS - Revision : 1
2018-06-05 Microsoft Windows TTF cmap integer overflow attempt
RuleID : 46504 - Type : OS-WINDOWS - Revision : 1
2018-06-05 Microsoft Windows TTF cmap integer overflow attempt
RuleID : 46503 - Type : OS-WINDOWS - Revision : 1
2018-05-24 Attempted DNS overflow
RuleID : 46409 - Type : OS-WINDOWS - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053578.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053579.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053580.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053581.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054517.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054518.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054519.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054520.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_win2008.nasl - Type: ACT_GATHER_INFO
2017-11-30 Name: The Internet Explorer installation on the remote host is affected by multiple...
File: smb_nt_ms17_jul_internet_explorer.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048952.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048953.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048954.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048955.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048956.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048957.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048958.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048959.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_win2008.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_aug_4034668.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025338.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_oct_4042895.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038781.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17_apr_3217841.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Windows host is affected by a remote code execution vulnerability.
File: smb_nt_ms17_may_4020535.nasl - Type: ACT_GATHER_INFO