Microsoft Vulnerability Research Advisories

Microsoft Vulnerability Research (MSVR) Advisories describe security vulnerabilities that Microsoft or security researchers discovered in third-party products or services, and which Microsoft has disclosed to the affected vendors. Microsoft performs this disclosure to the affected vendor under the procedures described in Coordinated Vulnerability Disclosure.

Frequently Asked Questions

Q. What kind of information do MSVR advisories contain?

A. MSVR advisories contain a top-level summary that states the reason for issuing the advisory, frequently asked questions, and suggested actions. MSVR advisories may be revised as required to reflect new information or guidance.

Q. What are the specific criteria that Microsoft uses to determine whether a security advisory is required?

A. Our goal is to issue MSVR advisories for security vulnerabilities after we have disclosed them to the affected vendors, so that the vendors could develop remediation. Customers could then use this remediation to help protect themselves.

Q. Could an MSVR advisory become a security bulletin?

A. No. An MSVR advisory pertains to security vulnerabilities in third-party products or services. A Microsoft security bulletin pertains to security vulnerabilities in Microsoft software.

Q. Why aren't you including information about MSVR advisories in the Microsoft Security Bulletin Advance Notification?

A. The Microsoft Security Bulletin Advance Notification is about security bulletins that Microsoft is intending to release, and is therefore about vulnerabilities in Microsoft software and their remediation. MSVR advisories, in contrast, are about third-party products and services.

Q. How will customers know when there is a call to action associated with these MSVR advisories?

A. The MSVR advisory has a Suggested Actions section for describing any action that users may have to take to help protect themselves.

All Published or Updated MSVR Advisories

Disclaimer: The information provided in this page is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Date        Advisory Number  Advisory Description
6/18/2013   MSVR13-009       Cisco Security Service File Verification Bypass Could Allow Elevation of Privilege
6/18/2013   MSVR13-008       Cisco Security Service IPC Message Heap Corruption Could Allow Elevation of Privilege
5/21/2013   MSVR13-007       Heap Corruption in Nitro Reader Could Allow Arbitrary Code Execution
5/21/2013   MSVR13-006       Memory Corruption in Nitro Reader Could Allow Arbitrary Code Execution
4/16/2013   MSVR13-005       Vulnerability in SumatraPDF Reader Could Allow Remote Code Execution
3/19/2013   MSVR13-004       Vulnerability in DjVuLibre Could Allow Remote Code Execution
2/19/2013   MSVR13-003       Vulnerability in VMware VMCI.sys Could Allow Local Elevation of Privilege
2/19/2013   MSVR13-002       Vulnerability in VMware OVF Tool Could Allow Arbitrary Code Execution
1/15/2013   MSVR13-001       Vulnerability in Lenovo ThinkPad Bluetooth with Enhanced Data Rate Software Could Allow Arbitrary Code Execution
12/18/2012  MSVR12-021       Memory Corruption in QuickTime Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-020       Oracle AutoVue DXF Parsing Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-019       Oracle AutoVue DGN Parsing Could Allow Arbitrary Code Execution
11/20/2012  MSVR12-018       Memory Corruption in Symantec Ghost Could Allow Arbitrary Code Execution
11/14/2012  MSVR12-016       Vulnerabilities in Ektron CMS Could Allow Arbitrary Code Execution
10/16/2012  MSVR12-017       Vulnerabilities in FFmpeg Libavcodec Could Allow Arbitrary Code Execution
9/18/2012   MSVR12-015       Memory Corruption in Google SketchUp Could Allow Arbitrary Code Execution
9/18/2012   MSVR12-014       Vulnerabilities in SumatraPDF Reader Could Allow Arbitrary Code Execution
8/21/2012   MSVR12-013       Vulnerability in Foxit Reader Could Allow Arbitrary Code Execution
8/21/2012   MSVR12-012       Safari Content-Disposition Handling Could Allow Cross-site Scripting
7/17/2012   MSVR12-011       Vulnerabilities in Nullsoft Winamp Could Allow Arbitrary Code Execution
7/17/2012   MSVR12-010       Vulnerability in Cisco WebEx Player Could Allow Remote Code Execution
6/19/2012   MSVR12-009       Vulnerability in LongTail Video JW Player Could Allow Cross-Site Scripting
6/19/2012   MSVR12-008       Vulnerability in Google Chrome Could Allow Local Code Execution
5/17/2012   MSVR12-007       Apple QuickTime MPEG Parsing Memory Corruption
4/17/2012   MSVR12-006       Vulnerability in RealNetworks Helix Universal Media Server Could Allow Denial of Service
4/17/2012   MSVR12-005       Vulnerabilities in RealNetworks Helix Server Could Allow Arbitrary Script Execution
3/20/2012   MSVR12-004       JPEG 2000 Memory Overwrite Vulnerability in OpenJPEG Could Allow Arbitrary Code Execution
2/21/2012   MSVR12-003       Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution (12-003)
2/21/2012   MSVR12-002       Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution (12-002)
1/17/2012   MSVR12-001       Vulnerabilities in XnViewer Could Allow Remote Code Execution
12/21/2011  MSVR11-015       Vulnerability in Hex-Rays IDA Pro, IDAPython Plugin Could Allow Arbitrary Script Execution
12/20/2011  MSVR11-016       Vulnerability in NVIDIA Stereoscopic 3D Driver Could Allow Elevation of Privilege
11/15/2011  MSVR11-014       Vulnerability in Wireshark Allows For Arbitrary Script Execution
10/18/2011  MSVR11-013       Vulnerability in Wireshark Could Allow Remote Code Execution
10/18/2011  MSVR11-012       Vulnerability in FFmpeg Could Allow Remote Code Execution
9/20/2011   MSVR11-011       Vulnerability in FFmpeg Matroska Format Decoder Could Allow Remote Code Execution
8/16/2011   MSVR11-010       Vulnerability in WordPress Could Allow Cross-Domain Script Execution
8/16/2011   MSVR11-009       Vulnerability in Apple Safari Could Allow Information Disclosure
7/19/2011   MSVR11-008       Vulnerability in Google Picasa Could Allow Remote Code Execution
7/19/2011   MSVR11-007       Clickjacking Vulnerability in Facebook.com Could Allow Account Compromise
6/21/2011   MSVR11-006       Vulnerability in Google SketchUp Could Allow Remote Code Execution
6/21/2011   MSVR11-005       Vulnerability in Foxit Reader Could Allow Remote Code Execution
5/17/2011   MSVR11-004       Vulnerability in RealNetworks RealPlayer RichFX Component Could Allow Remote Code Execution
5/17/2011   MSVR11-003       Vulnerability in RealNetworks RealPlayer Could Allow Remote Code Execution
5/17/2011   MSVR11-002       HTML5 Implementation in Chrome, Opera, and Safari Could Allow Information Disclosure
4/19/2011   MSVR11-001       Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution