Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36123)

EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP handling allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose potentially sensitive data. The flaw affects a broad range of Windows Server (2012 through 2025) and Windows client builds where the NPS role/SNMP component is present. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a vendor patch is available from Microsoft (MSRC).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft's Resilient File System (ReFS) driver affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a stack-based buffer overflow (CWE-121) can be triggered when a victim interacts with attacker-crafted ReFS data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows an unauthenticated but user-interaction-dependent local attack yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the flaw is not on CISA KEV, so it currently represents a patch-priority rather than an active-exploitation emergency.

Buffer Overflow Stack Overflow Microsoft +5
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Code Integrity module (ci.dll) lets an already-authenticated low-privileged attacker read out-of-bounds memory (CWE-125) and leverage the resulting condition to gain higher privileges on affected Windows 10, Windows 11, and Windows Server systems back to Server 2012. The CVSS 3.1 score is 7.0 (High) with a local vector and high attack complexity, and there is no public exploit identified at time of analysis. Microsoft self-reported the issue and has released a patch through the MSRC update guide.

Buffer Overflow Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in the Microsoft Windows Universal Disk Format File System driver (UDFS) allows a local attacker to gain higher privileges after a user mounts or opens a maliciously crafted UDF-formatted volume such as an ISO or disc image. The flaw is an out-of-bounds read (CWE-125) in the kernel-mode UDFS parser, and successful exploitation yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and it is not listed in CISA KEV, but Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS file-system driver stems from a heap-based buffer overflow (CWE-122) that an authenticated local attacker can trigger to run arbitrary code with elevated privileges. The flaw was reported by Microsoft and spans a broad range of currently-supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and reliable memory-corruption primitive in a core kernel-mode driver make it a strong candidate for patch-Tuesday prioritization.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Windows Win32K kernel subsystem (CWE-122 heap-based buffer overflow) lets an already-authenticated low-privileged attacker corrupt kernel heap memory and gain SYSTEM-level control across a broad range of Windows client and server releases. The flaw carries a CVSS 3.1 base score of 8.8 with a changed scope (S:C), reflecting that a user-mode process can compromise the kernel security boundary. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Print Spooler Components affects Windows 10 (1809, 21H2, 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2019/2022/2025, where a heap-based buffer overflow (CWE-122) lets an already-authenticated local user corrupt heap memory in a Spooler component and gain SYSTEM-level privileges. Exploitation requires low-privilege local access (CVSS AV:L/PR:L) with no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH Exploit Unlikely This Month

Denial of service in Windows Hyper-V allows an authorized, adjacent-network attacker to crash or disrupt the hypervisor by triggering a buffer over-read (CWE-126). Affected platforms span Windows 10, Windows 11, and Windows Server 2012 through 2025, covering a broad slice of Microsoft's enterprise footprint. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, but a vendor-issued patch is available via Microsoft MSRC.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory to gain SYSTEM-level control across Windows 10 (1809/21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2019/2022/2025. The CVSS 7.8 (AV:L/PR:L) rating reflects that low-privileged code execution is a prerequisite; there is no public exploit identified at time of analysis, but Microsoft has released a patch. This is a classic post-exploitation escalation primitive rather than an initial-access vector.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege-level code execution in the Windows NTFS file-system driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. A heap-based buffer overflow (CWE-122) lets an authorized local attacker who can induce a user to interact with a crafted file or volume execute arbitrary code in the security context of the kernel-mode NTFS component. There is no public exploit identified at time of analysis and it is not in CISA KEV, but Microsoft has released a patch and the flaw carries full high confidentiality, integrity, and availability impact.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery (WPAD) service affects Windows 10 Version 1607 and Windows Server 2012, 2012 R2, and 2016 (including Server Core installations), where a heap-based buffer overflow (CWE-122) lets an authenticated local attacker corrupt kernel/service heap memory and elevate to higher privileges. Microsoft has released a patch and reported the flaw itself; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a high-impact but locally-scoped attack requiring existing low-privilege access.

Heap Overflow Buffer Overflow Microsoft +7
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker corrupt heap memory (CWE-122) to run code with SYSTEM-level privileges. It affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). No public exploit identified at time of analysis, but the CVSS 8.8 rating and scope change make it a strong candidate for chaining after initial access.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Network Policy Server (NPS) SNMP component allows a remote, unauthenticated attacker to read out-of-bounds memory over the network and disclose sensitive process data. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and no public exploit has been identified at time of analysis (not listed in CISA KEV).

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Remote information disclosure in the Microsoft Windows Kernel (CWE-125 out-of-bounds read) lets an unauthenticated attacker read kernel memory over a network, per the CVSS AV:N/PR:N vector, affecting a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. The flaw carries high confidentiality impact (C:H) with a minor availability side effect and no integrity impact, scoring CVSS 8.2. No public exploit is identified at time of analysis and it is not in CISA KEV, but the network-reachable, no-authentication, no-interaction profile makes it a notable patch priority.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Likely This Month

Buffer over-read in Windows Kernel allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash the service by sending crafted network input that overflows a stack buffer (CWE-121). Because AD FS commonly fronts single sign-on for Microsoft 365, Azure AD, and federated web applications, an outage cascades into loss of authentication for every relying-party application. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV; a Microsoft patch is available, and the CVSS 3.1 score is 7.5 (availability-only impact).

Buffer Overflow Stack Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an unauthorized attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume (CVE-2026-50362). The flaw affects the ReFS component shipped across Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025, carries CVSS 7.8, and requires user interaction (UI:R) with no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Message Queuing (MSMQ) allows an unauthenticated attacker to run arbitrary code over the network by corrupting heap memory. The flaw (CWE-122) carries a CVSS 9.8 and affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis, but the network-reachable, no-interaction, no-privilege profile of prior MSMQ bugs (e.g. the 'QueueJumper' class) makes this a top-priority patch. Microsoft has released a fix.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation to code execution in the Windows NTFS driver (CVE-2026-50417) allows an authenticated attacker with low privileges to corrupt heap memory and run arbitrary code on affected Windows 10, Windows 11, and Windows Server 2012 through 2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft, with CVSS 7.8 (High) reflecting local vector, low complexity, and full confidentiality/integrity/availability impact. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) driver arises from a heap-based buffer overflow (CWE-122) that an attacker can trigger by inducing a user to interact with a specially crafted NTFS volume or file. Affecting a broad range of Windows client and server builds from Windows Server 2012/2012 R2 through Windows 11 26H1 and Windows Server 2025, successful exploitation yields high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; Microsoft has issued a fix.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated low-privileged user to elevate to higher (likely SYSTEM-level) privileges by triggering an out-of-bounds read condition. The flaw affects a broad range of currently supported Windows client and server builds, from Windows 10 21H2 through Windows 11 26H1 and Windows Server 2022/2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver affects a broad range of Windows client and server releases, from Windows 10 1607 and Server 2012 R2 through Windows 11 26H1 and Server 2025. An authenticated local attacker with low privileges can trigger a buffer over-read (CWE-126) in the filter to elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 +15
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1809 +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver lets an already-authenticated low-privileged user read memory outside allocated bounds (CWE-125) to gain elevated privileges. It affects a broad Windows fleet spanning Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (the New Technology File System driver) arises from a heap-based buffer overflow that lets an attacker run arbitrary code with the privileges of the affected process. The flaw affects a broad swath of supported Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft (the reporter) has shipped a patch; there is no public exploit identified at time of analysis, and the CVSS vector requires local access plus user interaction, so it is a privilege-escalation/code-execution primitive rather than a remotely-wormable bug.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege elevation in the Windows Graphics Device Interface (GDI) component allows an already-authenticated, low-privileged user to run code at a higher privilege level by triggering a stack-based buffer overflow (CWE-121). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Reported by Microsoft with a patch available; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +22
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS file-system driver lets an attacker run arbitrary code by triggering a heap-based buffer overflow (CWE-122) when Windows parses crafted file-system metadata. The flaw spans a broad range of supported releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. It carries a CVSS 7.8 (Important) rating, requires user interaction, has a vendor patch available, and no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in the Windows Kernel allows a remote, unauthenticated attacker to read out-of-bounds memory and leak sensitive data across all currently supported Windows client and server builds (Windows 10 1809/21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2019/2022/2025). The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N, high confidentiality impact only). There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-reachable, no-privilege, no-interaction profile makes it a broadly applicable patch-now item.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated low-privileged user to run code with elevated (typically SYSTEM) rights by triggering a heap-based buffer overflow. Microsoft, the reporting party, has released a patch through its Update Guide. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV, so there is no evidence of active exploitation, though EIP-class memory-corruption bugs in core OS components are attractive follow-on targets after initial access.

Heap Overflow Buffer Overflow Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Microsoft Windows NTFS driver stems from an out-of-bounds read (CWE-125) that an attacker can leverage to run arbitrary code on affected systems, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Exploitation requires local access and user interaction (AV:L/UI:R), typically opening or mounting a maliciously crafted file or volume, but no prior authentication (PR:N). Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Local information disclosure in the Windows Container Isolation FS Filter Driver (unionfs.sys) on Windows 11 version 26H1 allows an authorized low-privileged user to read memory outside intended bounds and disclose sensitive kernel or process data. The flaw was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis. CVSS 7.1 (AV:L) reflects local access with low privileges but high confidentiality impact.

Buffer Overflow Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) allows a remote, unauthenticated attacker to crash or render the federation service unavailable by triggering a stack-based buffer overflow over the network. The flaw affects the AD FS role across Windows Server 2012 through 2025 (including Server Core installations) and carries a CVSS 7.5 rating driven entirely by availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but a vendor patch is available.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH Exploit Likely This Month

Heap-based buffer overflow in Windows DirectX allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.

Buffer Overflow Microsoft Information Disclosure +14
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial-of-service (and possible privilege-elevation) heap-based buffer overflow in the Microsoft Windows Remote Desktop Client is reachable over the network, with Microsoft's CVSS vector recording only an availability impact (A:H) despite the description's 'elevate privileges' wording. A patch is available from Microsoft (MSRC update guide), the flaw was reported by Microsoft itself, and there is no public exploit identified at time of analysis. Affected platforms span the full supported Windows client and server line, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows arises from a heap-based buffer overflow in a Windows Data DLL, letting an attacker who can get a victim to open crafted content run arbitrary code with the victim's privileges. Affected builds span Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025. Microsoft (the reporter) has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Likely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an unauthenticated, adjacent-network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) in DHCP message parsing. Affected systems span Windows Server 2012 through Windows Server 2025 (including Server Core installations) plus the DHCP service on Windows 10 versions 1607 and 1809, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Resilient File System (ReFS) driver allows an authenticated attacker to run code with SYSTEM-level privileges by triggering a heap-based buffer overflow. The flaw (CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server 2016-2025 builds and carries high confidentiality, integrity, and availability impact. It is a Microsoft-reported issue with a vendor patch available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Buffer over-read in Windows NTFS allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local code execution in the Windows Media component of Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 allows an authenticated local attacker to run arbitrary code by triggering a heap-based buffer overflow. Successful exploitation yields high confidentiality, integrity, and availability impact within the current security context, and Microsoft has released a patch. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows GDI+ (gdiplus) lets an unauthenticated network attacker run arbitrary code when a victim opens or renders a specially crafted image, via a heap-based buffer overflow (CWE-122). The flaw affects a broad range of supported Windows client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025). It carries a critical CVSS 9.6 with a scope-changed impact, but requires user interaction and currently has no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver (heap-based buffer overflow, CWE-122) allows an attacker to run arbitrary code with the privileges of the exploited context. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. CVSS 7.8 with high confidentiality, integrity, and availability impact; exploitation requires local access and user interaction, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Microsoft Active Directory Federation Services (ADFS) allows an unauthenticated network attacker to crash the service via a stack-based buffer overflow (CWE-121). The flaw affects the ADFS role across Windows Server 2012 through 2025 (and the underlying Windows 10 1607/1809 servicing components), carries a CVSS 7.5 availability-only score, and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS arises from a heap-based buffer overflow (CWE-122) that an authorized, low-privileged local user can trigger to run arbitrary code and elevate to SYSTEM. The flaw spans a broad Windows footprint from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.8 (High).

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows App Installer (the MSIX/AppX package deployment component, msixbundle/App Installer) lets an already-authenticated low-privileged user overflow a stack buffer to gain higher privileges on affected Windows 10, Windows 11, and Windows Server builds. Microsoft self-reported the flaw and has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The CVSS 7.8 (AV:L/PR:L) rating reflects a locally-launched attack with high confidentiality, integrity, and availability impact.

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS file system driver lets an unauthorized attacker run arbitrary code by tricking a user into interacting with specially crafted content, per Microsoft's MSRC advisory. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit is identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and full-CIA impact make it a meaningful local code-execution risk.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS file-system driver allows an authenticated attacker to run code with elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121). The flaw was reported by Microsoft and affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. No public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (High).

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Denial of service in Microsoft Active Directory Federation Services (AD FS) lets a remote, unauthenticated attacker crash the service by triggering a stack-based buffer overflow (CWE-121) over the network. Because AD FS commonly fronts single sign-on for Microsoft 365, SaaS, and internal web applications, a successful crash can knock out federated authentication for an entire organization. No public exploit identified at time of analysis, and the flaw is availability-only — confidentiality and integrity are not impacted per the CVSS vector.

Buffer Overflow Stack Overflow Windows 10 Version 1607 +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Push Notifications component (WNS/WpnService) lets an already-authenticated low-privileged user overwrite adjacent heap memory to gain SYSTEM-level control across Windows 10 (1607-22H2), Windows 11 (24H2-26H1), and Windows Server 2012 R2 through 2025. Microsoft reported the flaw and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. The high CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered, but exploitation requires prior local access.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Redirected Drive Buffering Subsystem (RDBSS) lets an authenticated low-privileged attacker read memory beyond an allocated buffer to elevate to higher privileges. The flaw affects a broad range of currently-supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, Windows Server 2012 through Server 2025) and carries a CVSS 7.0 (High) rating. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Kernel lets a low-privileged, authenticated attacker gain SYSTEM-level control by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad platform range from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025, and was reported internally by Microsoft. No public exploit is identified at time of analysis and it is not in CISA KEV, but the ubiquity of the affected component plus full high impact on confidentiality, integrity, and availability make it a meaningful patch priority.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Integer overflow or wraparound in Windows Spaceport.sys allows an unauthorized attacker to elevate privileges with a physical attack.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Resilient File System (ReFS) allows an authenticated low-privileged user to gain elevated (SYSTEM-level) privileges by triggering a stack-based buffer overflow (CWE-121) in the ReFS driver. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Web Proxy Auto-Discovery Protocol (WPAD) component lets an already-authenticated local user run code with SYSTEM-level rights by triggering an integer overflow (CWE-190). The flaw affects a broad range of Windows client and server builds, from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019 through 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and high triad impact make it a meaningful patch-tier issue.

Buffer Overflow Microsoft Integer Overflow +11
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to execute code with a physical attack.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in the Windows NTFS driver (CVE-2026-49797) allows an attacker with local access to run arbitrary code by tricking a user into interacting with a maliciously crafted NTFS artifact, exploiting a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server releases from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has released a patch; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Windows GDI+ (the Graphics Device Interface Plus rendering component) affects a broad range of Microsoft Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. An attacker who convinces a user to open or preview a specially crafted image or document triggers a heap-based buffer overflow (CWE-122) during graphics parsing, yielding arbitrary code execution in the context of the current user. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R); there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but GDI+ image-parsing flaws are historically attractive to attackers.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation via arbitrary code execution in Microsoft Windows Resilient File System (ReFS) affects a broad range of Windows 10, Windows 11, and Windows Server (2016-2025) builds. An authorized (low-privileged) attacker who can trigger the vulnerable heap allocation path can corrupt heap memory (CWE-122) to run code in the security context of the ReFS driver, yielding full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not on the CISA KEV list.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows NTFS driver allows an already-authenticated, low-privileged user to gain elevated (likely SYSTEM) privileges by triggering a stack-based buffer overflow, contingent on user interaction. The flaw spans a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. Microsoft has issued a patch and reported the issue itself; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS (New Technology File System) stems from a heap-based buffer overflow (CWE-122) that lets a local attacker run arbitrary code with high confidentiality, integrity, and availability impact. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025 - and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but NTFS's role as the default Windows filesystem makes the exposed surface extremely wide.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an authenticated network attacker to run arbitrary code on domain controllers by triggering a heap-based buffer overflow (CWE-122). Affected platforms span Windows Server 2012 through 2025 (including Server Core) and Windows 10/11 clients acting in AD roles, with Microsoft-issued patches available. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the CVSS 8.8 rating and the sensitivity of the domain-controller attack surface make this a high-priority patch.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows DHCP Server role allows an authenticated network attacker (PR:L) to trigger a heap-based buffer overflow and run arbitrary code on the server. The flaw affects DHCP Server across Windows Server 2012 through Server 2025 (including Server Core installations) and carries a CVSS 8.8 with full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 0% CVSS 7.3
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows NTFS driver allows an authenticated attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122) after inducing user interaction. The flaw affects a broad range of Windows client and server releases, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. It was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Microsoft +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local arbitrary code execution in Microsoft Excel arises from a heap-based buffer overflow (CWE-122) triggered when a user opens a maliciously crafted spreadsheet; successful exploitation runs attacker code in the context of the current user across desktop Office builds (Excel 2016, Office 2019, LTSC 2021/2024, Microsoft 365 Apps) on both Windows and Mac, as well as Office Online Server. The flaw carries CVSS 7.8 with high confidentiality, integrity, and availability impact but requires user interaction (opening the file). No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows Media Foundation lets an attacker run arbitrary code in the context of the victim after luring them to open a maliciously crafted media file. The flaw (CVE-2026-58610, CWE-122 heap-based buffer overflow) affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. CVSS is 7.8 (AV:L/AC:L/PR:N/UI:R) with full confidentiality, integrity, and availability impact; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in the Microsoft Graphics Component affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). An attacker who convinces a user to open a specially crafted file or content triggers an out-of-bounds read (CWE-125) that Microsoft rates as enabling code execution with high confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; exploitation requires local access plus user interaction, making it a standard patch-cycle priority rather than an emergency.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Virtual Hard Disk (VHD) Miniport Driver lets an authenticated low-privileged user corrupt kernel heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow, CVSS 7.8) affects a broad range of Windows 10, Windows 11, and Windows Server builds and was reported by Microsoft. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +14
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Information disclosure in Microsoft Office (Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) via an out-of-bounds read (CWE-125) lets an attacker leak sensitive memory contents when a victim opens a maliciously crafted document. The CVSS 3.1 base score is 7.1 (AV:L/AC:L/PR:N/UI:R), reflecting local exploitation that requires user interaction but no prior authentication. Microsoft is the reporting source and has published a fix; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (and the broader Office family through Microsoft 365 Apps, Office 2019/2021/2024 LTSC, Office for Mac, and Office Online Server) arises from a stack-based buffer overflow (CWE-121) triggered when a user opens a maliciously crafted spreadsheet. An attacker who convinces a victim to open the file runs arbitrary code in the security context of the current user, with high impact to confidentiality, integrity, and availability. There is no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV; Microsoft has released a patch.

Buffer Overflow Stack Overflow Microsoft +9
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +9
NVD
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Defender (Microsoft Malware Protection Engine) allows an unauthorized attacker to run arbitrary code by having a maliciously crafted file processed by the scanning engine. The flaw stems from an integer overflow (CWE-190) that corrupts memory during scanning, yielding full confidentiality, integrity, and availability impact. Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Buffer Overflow Microsoft Integer Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation to code execution in the Windows Resilient File System (ReFS) driver affects a broad range of Windows 10/11 and Windows Server 2016 through 2025 releases, where an integer overflow (CWE-190) in filesystem processing lets an already-authenticated local user run arbitrary code in an elevated context. The CVSS 3.1 vector (AV:L/PR:L) confirms low-privileged local access is required rather than remote exploitation, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +14
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft +11
NVD VulDB
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +11
NVD
Prev Page 3 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36123

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy