Skip to main content

Microsoft

Vendor security scorecard – 17282 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 95706
17282
CVEs
2483
Critical
9315
High
352
KEV
2001
PoC
5113
Unpatched C/H
56.2%
Patch Rate
7.5%
Avg EPSS

Severity Breakdown

CRITICAL
2483
HIGH
9315
MEDIUM
5148
LOW
329

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2017-7269 Remote code execution in Microsoft IIS 6.0 WebDAV service allows unauthenticated attackers to execute arbitrary code by sending a specially crafted PROPFIND request with a malicious 'If' header. Confirmed actively exploited (CISA KEV) since July-August 2016, predating public disclosure by 7+ months. EPSS score of 94.43% (100th percentile) reflects widespread exploitation against legacy Windows Server 2003 R2 systems still exposed to the internet. Multiple public exploits exist including Metasploit modules, and vendor patch has been available since March 2017. CRITICAL 9.8 94.4% 238
KEV PoC
CVE-2015-5119 Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16. CRITICAL 9.8 93.2% 237
KEV PoC
CVE-2015-3113 Adobe Flash Player contains a heap-based buffer overflow that allows remote code execution, exploited as a zero-day in June 2015 by APT3 (a Chinese cyber espionage group) in phishing campaigns targeting aerospace and defense organizations. CRITICAL 9.8 92.4% 236
KEV PoC
CVE-2011-2462 Adobe Reader and Acrobat contain an unspecified U3D component vulnerability causing memory corruption that allows remote code execution, exploited as a zero-day in December 2011 through crafted PDF files. CRITICAL 9.8 91.9% 236
KEV PoC No patch
CVE-2025-53770 Microsoft SharePoint Server contains a deserialization vulnerability allowing unauthenticated remote code execution over the network, with active exploitation confirmed and patches pending full release. CRITICAL 9.8 90.5% 235
KEV PoC No patch
CVE-2012-0158 Remote code execution in Microsoft MSCOMCTL.OCX ActiveX controls allows unauthenticated attackers to execute arbitrary code via maliciously crafted Office documents, RTF files, or web pages. Actively exploited since April 2012 and confirmed in CISA KEV catalog. Despite being patched in 2012, EPSS score of 94.32% (100th percentile) indicates continued exploitation attempts against unpatched systems. Affects broad Microsoft product ecosystem including Office 2003-2010, SQL Server 2000-2008 R2, BizTalk, Commerce Server, Visual FoxPro, and Visual Basic 6.0 Runtime. HIGH 8.8 94.3% 233
KEV PoC
CVE-2017-0144 Remote code execution in Microsoft SMBv1 allows authenticated network attackers to execute arbitrary code on Windows systems via crafted packets. This vulnerability (part of the MS17-010 bulletin and known as 'EternalBlue') is confirmed actively exploited (CISA KEV) with EPSS score of 94.32%, indicating near-certain exploitation probability. Widely weaponized in 2017 WannaCry and NotPetya ransomware campaigns. Affects Windows Vista through Windows 10 1607 and Windows Server 2008-2016, plus Siemens medical imaging systems running vulnerable Windows embedded OS. Multiple public exploits available including DOUBLEPULSAR payload delivery framework. HIGH 8.8 94.3% 233
KEV PoC
CVE-2011-0611 Adobe Flash Player contains a type confusion vulnerability in object handling that allows remote attackers to execute arbitrary code via malicious SWF content, actively exploited in targeted attacks in April 2011. HIGH 8.8 93.6% 233
KEV PoC
CVE-2014-0322 Internet Explorer 9 and 10 contain a use-after-free vulnerability in CMarkup object handling exploitable via crafted JavaScript, used in 'Operation SnowMan' watering hole attacks targeting US military and defense in early 2014. HIGH 8.8 93.2% 232
KEV PoC
CVE-2012-1889 Microsoft XML Core Services 3.0 through 6.0 access uninitialized memory locations, allowing remote attackers to execute code or cause memory corruption through a crafted website, actively exploited before patch availability. HIGH 8.8 92.9% 232
KEV PoC
CVE-2012-4792 Internet Explorer 6 through 8 contain a use-after-free vulnerability in CDwnBindInfo object handling that allows remote code execution through crafted websites, exploited as a zero-day in December 2012. HIGH 8.8 91.4% 230
KEV PoC
CVE-2017-11882 Remote code execution in Microsoft Office 2007-2016 via malicious documents exploiting a 17-year-old buffer overflow in the Equation Editor component (EQNEDT32.EXE). Attackers deliver weaponized Office files that execute arbitrary code when opened, requiring no macros or user interaction beyond opening the document. Confirmed actively exploited (CISA KEV) with EPSS score of 94.38% indicating widespread exploitation. Multiple public exploit frameworks available including Metasploit modules. Microsoft released patches in November 2017, but exploitation continues against unpatched systems across APT campaigns and commodity malware. HIGH 7.8 94.4% 228
KEV PoC
CVE-2017-0199 Remote code execution in Microsoft Office 2007-2016 and Windows Vista through 10 allows attackers to execute arbitrary code via malicious RTF or Office documents exploiting Windows API object linking. Confirmed actively exploited (CISA KEV) with EPSS score of 94.33% indicating near-certain real-world exploitation probability. Multiple public exploit codes available including weaponized RTF generators. Despite local attack vector classification (AV:L), exploitation occurs remotely through email/web delivery of crafted documents requiring only user interaction to open the file. HIGH 7.8 94.3% 228
KEV PoC
CVE-2010-3333 Remote code execution in Microsoft Office 2003-2010 and Office for Mac 2004-2011 allows attackers to execute arbitrary code via malicious RTF documents. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code and an EPSS score of 93.79% (100th percentile), indicating extremely high real-world exploitation likelihood. Microsoft released patches via security bulletin MS10-087. The vulnerability affects a wide range of Office versions across Windows and macOS platforms, representing significant enterprise exposure despite the 2010 disclosure date. HIGH 7.8 93.8% 228
KEV PoC
CVE-2014-1761 Microsoft Word 2003 through 2013 contain a memory corruption vulnerability in RTF file parsing that allows remote code execution, exploited as a zero-day in targeted attacks against government and military organizations. HIGH 7.8 93.1% 227
KEV PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy