Lucene search
+L

477 matches found

CVE
CVE
added 2009/06/10 5:37 p.m.51 views

CVE-2009-0239

CVE-2009-0239 is a Windows Search 4.0 information-disclosure vulnerability affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The flaw arises from an unfiltered HTML/embedded content rendering when Previewing or loading a crafted file in Windows Search results, allowing a remote attacker t...

4.3CVSS5.7AI score0.32546EPSS
Exploits1References7Affected Software1
securityvulns
securityvulns
added 2009/06/10 12:0 a.m.55 views

Microsoft Security Bulletin MS09-023 - Moderate Vulnerability in Windows Search Could Allow Information Disclosure (963093)

Microsoft Security Bulletin MS09-023 - Moderate Vulnerability in Windows Search Could Allow Information Disclosure 963093 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Windows Search. The vulnerabilit...

4.3CVSS6.1AI score0.32546EPSS
Exploits1
securityvulns
securityvulns
added 2009/06/10 12:0 a.m.46 views

Microsoft Windows Search information leak

Crossite scripting on search results...

4.3CVSS1.4AI score0.32546EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/06/10 12:0 a.m.45 views

MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure (963093)

The remote Windows host contains a version of Windows Search that has a flaw in the way it uses MSHTML a.k.a. Trident to render HTML content that could result in information disclosure. If an attacker can trick a user on the affected host into putting a specially crafted HTML file on the system o...

4.3CVSS5.5AI score0.32546EPSS
Exploits1References2
Symantec
Symantec
added 2009/06/09 12:0 a.m.11 views

Microsoft Windows Search Script Injection Vulnerability

Description Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when previewing search results. Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially...

0.3AI score
Exploits0References2Affected Software1
Saint
Saint
added 2008/12/11 12:0 a.m.75 views

Windows search-ms protocol handler command execution vulnerability

Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...

8.5CVSS6.4AI score0.20516EPSS
Exploits5
Prion
Prion
added 2008/12/10 2:0 p.m.23 views

Code injection

The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."...

8.5CVSS7.7AI score0.20682EPSS
Exploits1References6
CVE
CVE
added 2008/12/10 1:33 p.m.62 views

CVE-2008-4269

CVE-2008-4269 describes a remote code execution vulnerability in the Windows Search parsing workflow. The issue lies in the search-ms protocol handler used by Windows Explorer on Windows Vista (Gold/SP1) and Windows Server 2008, where untrusted parameter data is produced by incorrect parsing and ...

8.5CVSS7AI score0.20516EPSS
Exploits5References6Affected Software2
securityvulns
securityvulns
added 2008/12/10 12:0 a.m.81 views

Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution 959349 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Windows Search. These...

8.5CVSS1.8AI score0.20682EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2008/12/09 12:0 a.m.27 views

Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)

A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save...

8.5CVSS7AI score0.20682EPSS
Exploits1
NVD
NVD
added 2007/10/21 9:17 p.m.21 views

CVE-2007-5618

Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs...

7.2CVSS6.5AI score0.00451EPSS
Exploits1References15
Prion
Prion
added 2007/09/21 7:17 p.m.23 views

Design/Logic Flaw

Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain...

6.9CVSS6.8AI score0.00322EPSS
Exploits0References7Affected Software5
Cvelist
Cvelist
added 2006/09/26 1:43 a.m.20 views

CVE-2006-4994

Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute 1 FileZillaServer.exe, 2 mysqld-nt.exe, 3 Perl.exe, or 4 xamppcontrol.exe with ...

7AI score0.00368EPSS
Exploits0References5
Prion
Prion
added 2006/02/23 11:2 p.m.12 views

Design/Logic Flaw

Unquoted Windows search path vulnerability in 1 snsmcon.exe, 2 the autostartup mechanism, and 3 an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a...

7.2CVSS7.2AI score0.00338EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2006/01/17 9:3 p.m.10 views

Design/Logic Flaw

Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key...

2.1CVSS7AI score0.00333EPSS
Exploits0References5
CVE
CVE
added 2005/11/18 11:0 a.m.55 views

CVE-2005-2940

CVE-2005-2940 describes an unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1). Local users could gain privileges by placing a malicious file named program.exe in the C: drive, which could be executed by one of several Antispyware components: GIANTAntiSpywareMain....

7.2CVSS6.5AI score0.02339EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2005/11/18 11:0 a.m.22 views

CVE-2005-2940

Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 Beta 1 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs 1 GIANTAntiSpywareMain.exe, 2 gcASNotice.exe, 3 gcasServ.exe, 4 gcasSWUpdater.exe, or 5...

6.4AI score0.02339EPSS
Exploits0References3
Rows per page
Query Builder