Microsoft Vulnerability Research Advisories

Microsoft Vulnerability Research (MSVR) Advisories describe security vulnerabilities that Microsoft or security researchers discovered in third-party products or services, and which Microsoft has disclosed to the affected vendors. Microsoft performs this disclosure to the affected vendor under the procedures described in Coordinated Vulnerability Disclosure.

Frequently Asked Questions

Q. What kind of information do MSVR advisories contain?

A. MSVR advisories contain a top-level summary that states the reason for issuing the advisory, frequently asked questions, and suggested actions. MSVR advisories may be revised as required to reflect new information or guidance.

Q. What are the specific criteria that Microsoft uses to determine whether a security advisory is required?

A. Our goal is to issue MSVR advisories for security vulnerabilities after we have disclosed them to the affected vendors, so that the vendors could develop remediation. Customers could then use this remediation to help protect themselves.

Q. Could an MSVR advisory become a security bulletin?

A. No. An MSVR advisory pertains to security vulnerabilities in third-party products or services. A Microsoft security bulletin pertains to security vulnerabilities in Microsoft software.

Q. Why aren't you including information about MSVR advisories in the Microsoft Security Bulletin Advance Notification?

A. The Microsoft Security Bulletin Advance Notification is about security bulletins that Microsoft is intending to release, and is therefore about vulnerabilities in Microsoft software and their remediation. MSVR advisories, in contrast, are about third-party products and services.

Q. How will customers know when there is a call to action associated with these MSVR advisories?

A. The MSVR advisory has a Suggested Actions section for describing any action that users may have to take to help protect themselves.

Disclaimer: The information provided in this page is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Related Links

Get security bulletin notifications
Receive up-to-date information in RSS or e-mail format.

Microsoft Security Response Center (MSRC) blog
View MSRC webcasts, posts, and Q&A for insights on bulletins and advisories.

Report a vulnerability
Contribute to MSRC investigations of security vulnerabilities.


All Published or Updated MSVR Advisories:

Date        Advisory Number  Advisory Description
6/18/2013   MSVR13-009       Cisco Security Service File Verification Bypass Could Allow Elevation of Privilege
6/18/2013   MSVR13-008       Cisco Security Service IPC Message Heap Corruption Could Allow Elevation of Privilege
5/21/2013   MSVR13-007       Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution
5/21/2013   MSVR13-006       Memory Corruption in Nitro Reader Could Allow Arbitrary Code Execution
4/16/2013   MSVR13-005       Vulnerability in SumatraPDF Reader Could Allow Remote Code Execution
3/19/2013   MSVR13-004       Vulnerability in DjVuLibre Could Allow Remote Code Execution
2/19/2013   MSVR13-003       Vulnerability in VMware VMCI.sys Could Allow Local Elevation of Privilege
2/19/2013   MSVR13-002       Vulnerability in VMware OVF Tool Could Allow Arbitrary Code Execution
1/15/2013   MSVR13-001       Vulnerability in Lenovo ThinkPad Bluetooth with Enhanced Data Rate Software Could Allow Arbitrary Code Execution
12/18/2012  MSVR12-021       Memory Corruption in QuickTime Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-020       Oracle AutoVue DXF Parsing Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-019       Oracle AutoVue DGN Parsing Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-018       Memory Corruption in Symantec Ghost Could Allow Arbitrary Code Execution
11/14/2012  MSVR12-016       Vulnerabilities in Ektron CMS Could Allow Arbitrary Code Execution
10/16/2012  MSVR12-017       Vulnerabilities in FFmpeg Libavcodec Could Allow Arbitrary Code Execution
9/18/2012   MSVR12-015       Memory Corruption in Google SketchUp Could Allow Arbitrary Code Execution
9/18/2012   MSVR12-014       Vulnerabilities in SumatraPDF Reader Could Allow Arbitrary Code Execution
8/21/2012   MSVR12-013       Vulnerability in Foxit Reader Could Allow Arbitrary Code Execution
8/21/2012   MSVR12-012       Safari Content-Disposition Handling Could Allow Cross-site Scripting
7/17/2012   MSVR12-011       Vulnerabilities in Nullsoft Winamp Could Allow Arbitrary Code Execution
7/17/2012   MSVR12-010       Vulnerability in Cisco WebEx Player Could Allow Remote Code Execution
6/19/2012   MSVR12-009       Vulnerability in LongTail Video JW Player Could Allow Cross-Site Scripting
6/19/2012   MSVR12-008       Vulnerability in Google Chrome Could Allow Local Code Execution
5/17/2012   MSVR12-007       Apple QuickTime MPEG Parsing Memory Corruption
4/17/2012   MSVR12-005       Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution
4/17/2012   MSVR12-006       Vulnerability in RealNetworks Helix Universal Media Server Could Allow Denial of Service
3/20/2012   MSVR12-004       JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution
2/21/2012   MSVR12-003       Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution
2/21/2012   MSVR12-002       Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution
1/17/2012   MSVR12-001       Vulnerabilities in XnViewer Could Allow Remote Code Execution
12/21/2011  MSVR11-015       Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution
12/20/2011  MSVR11-016       Vulnerability in NVIDIA Stereoscopic 3D Driver Could Allow Elevation of Privilege
11/15/2011  MSVR11-014       Vulnerability in Wireshark Allows For Arbitrary Script Execution
10/18/2011  MSVR11-013       Vulnerability in Wireshark Could Allow Remote Code Execution
10/18/2011  MSVR11-012       Vulnerability in FFmpeg Could Allow Remote Code Execution
9/20/2011   MSVR11-011       Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution
8/16/2011   MSVR11-009       Vulnerability in Apple Safari Could Allow Information Disclosure
8/16/2011   MSVR11-010       Vulnerability in WordPress Could Allow Cross-Domain Script Execution
7/19/2011   MSVR11-007       Clickjacking Vulnerability in Facebook.com Could Allow Account Compromise
7/19/2011   MSVR11-008       Vulnerability in Google Picasa Could Allow Remote Code Execution
6/21/2011   MSVR11-005       Vulnerability in Foxit Reader Could Allow Remote Code Execution
6/21/2011   MSVR11-006       Vulnerability in Google SketchUp Could Allow Remote Code Execution
5/17/2011   MSVR11-002       HTML5 Implementation in Chrome, Opera, and Safari Could Allow Information Disclosure
5/17/2011   MSVR11-003       Vulnerability in RealNetworks RealPlayer Could Allow Remote Code Execution
5/17/2011   MSVR11-004       Vulnerability in RealNetworks RealPlayer RichFX Component Could Allow Remote Code Execution
4/19/2011   MSVR11-001       Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution