windows_7 vulnerabilities and exploits

7.2
CVSSv2
CVE-2013-2553

Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912....

7.2
CVSSv2
CVE-2013-1333

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."...

6.8
CVSSv2
CVE-2019-5921

Untrusted search path vulnerability in Windows 7 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory....

7.5
CVSSv2
CVE-2013-2554

Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787....

6.9
CVSSv2
CVE-2011-4695

Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. ...

7.6
CVSSv2
CVE-2017-11819

Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability"....

MicrosoftWindows 7
5
CVSSv2
CVE-2011-1652

** DISPUTED ** The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which...

7.2
CVSSv2
CVE-2014-0262

win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle...

7.2
CVSSv2
CVE-2019-1169

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'....

5
CVSSv2
CVE-2009-2764

Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script...