477 matches found
CVE-2009-0239
CVE-2009-0239 is a Windows Search 4.0 information-disclosure vulnerability affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The flaw arises from an unfiltered HTML/embedded content rendering when Previewing or loading a crafted file in Windows Search results, allowing a remote attacker t...
Microsoft Security Bulletin MS09-023 - Moderate Vulnerability in Windows Search Could Allow Information Disclosure (963093)
Microsoft Security Bulletin MS09-023 - Moderate Vulnerability in Windows Search Could Allow Information Disclosure 963093 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Windows Search. The vulnerabilit...
Microsoft Windows Search information leak
Crossite scripting on search results...
MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure (963093)
The remote Windows host contains a version of Windows Search that has a flaw in the way it uses MSHTML a.k.a. Trident to render HTML content that could result in information disclosure. If an attacker can trick a user on the affected host into putting a specially crafted HTML file on the system o...
Microsoft Windows Search Script Injection Vulnerability
Description Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when previewing search results. Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially...
Windows search-ms protocol handler command execution vulnerability
Added: 12/11/2008 CVE: CVE-2008-4269 BID: 32652 OSVDB: 50566 Background The search-ms protocol allows applications to query the Windows Search index. Problem A vulnerability in Windows allows command execution when a user follows a specially crafted search-ms URL which passes arbitrary arguments ...
Code injection
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."...
CVE-2008-4269
CVE-2008-4269 describes a remote code execution vulnerability in the Windows Search parsing workflow. The issue lies in the search-ms protocol handler used by Windows Explorer on Windows Vista (Gold/SP1) and Windows Server 2008, where untrusted parameter data is produced by incorrect parsing and ...
Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution 959349 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in Windows Search. These...
Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)
A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save...
CVE-2007-5618
Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs...
Design/Logic Flaw
Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain...
CVE-2006-4994
Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute 1 FileZillaServer.exe, 2 mysqld-nt.exe, 3 Perl.exe, or 4 xamppcontrol.exe with ...
Design/Logic Flaw
Unquoted Windows search path vulnerability in 1 snsmcon.exe, 2 the autostartup mechanism, and 3 an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a...
Design/Logic Flaw
Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key...
CVE-2005-2940
CVE-2005-2940 describes an unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1). Local users could gain privileges by placing a malicious file named program.exe in the C: drive, which could be executed by one of several Antispyware components: GIANTAntiSpywareMain....
CVE-2005-2940
Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 Beta 1 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs 1 GIANTAntiSpywareMain.exe, 2 gcASNotice.exe, 3 gcasServ.exe, 4 gcasSWUpdater.exe, or 5...