Lucene search
K

460 matches found

CVE
CVE
added 2004/04/16 4:0 a.m.83 views

CVE-2004-0118

CVE-2004-0118 : A local privilege-escalation vulnerability in the Virtual DOS Machine (VDM) subsystem on Windows NT 4.0 and Windows 2000. The issue arises from insufficient validation when referencing memory allocated to VDM, allowing a locally logged-on user to gain kernel/system access and exec...

7.2CVSS7.5AI score0.2224EPSS
CVE
CVE
added 2009/06/10 5:37 p.m.83 views

CVE-2009-0568

The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...

10CVSS6.6AI score0.32387EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.83 views

CVE-2009-2511

CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...

7.5CVSS6.5AI score0.12959EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.83 views

CVE-2010-0027

CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...

9.3CVSS8.3AI score0.33985EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.83 views

CVE-2010-0487

CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...

9.3CVSS7.6AI score0.24216EPSS
CVE
CVE
added 2002/10/01 4:0 a.m.82 views

CVE-2002-0863

The CVE-2002-0863 issue concerns Microsoft RDP (Remote Desktop Protocol) 5.0 on Windows 2000 and 5.1 on Windows XP, where checksums of plaintext session data are not encrypted. This could allow a remote attacker to sniff encrypted sessions and potentially recover plaintext contents (information d...

5CVSS6.5AI score0.24001EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.82 views

CVE-2003-0003

CVE-2003-0003 describes a locally/remotely exploitable buffer overflow in the Microsoft Locator service (RPC Locator) that allows arbitrary code execution when processing overly large RPC requests. Affected products include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and...

7.5CVSS7.5AI score0.4545EPSS
CVE
CVE
added 2007/11/20 12:0 a.m.82 views

CVE-2007-6026

CVE-2007-6026 covers a stack-based buffer overflow in the Microsoft Jet Database Engine (msjet40.dll, 4.0.8618.0) used by Access 2003 in Office 2003 SP3. The vulnerability arises when parsing MDB files with a crafted column structure, allowing a user-assisted attacker to execute arbitrary code. T...

9.3CVSS7.3AI score0.28268EPSS
CVE
CVE
added 2009/03/10 8:0 p.m.82 views

CVE-2009-0085

CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...

7.1CVSS6.6AI score0.15193EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.82 views

CVE-2010-0267

CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...

9.3CVSS7.6AI score0.34408EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.82 views

CVE-2010-1734

The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...

4.9CVSS6.3AI score0.02658EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.81 views

CVE-2000-1089

CVE-2000-1089 is a buffer overflow in Microsoft’s IIS Phone Book Service (pbserver.dll) that, per the description, allows local users to execute arbitrary commands (Phone Book Service Buffer Overflow). Public material references MS00-094 as the corrective update and notes that the vulnerable comp...

10CVSS7.2AI score0.76552EPSS
Web
CVE
CVE
added 2006/08/09 1:0 a.m.81 views

CVE-2006-3441

CVE-2006-3441 is a buffer overflow in the DNS Client service of Microsoft Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 that could allow remote code execution with SYSTEM privileges. The issue arises from unchecked buffers in the DNS client handling crafted DNS responses, and MS06-041 and rel...

10CVSS7.8AI score0.65532EPSS
CVE
CVE
added 2007/04/04 4:0 p.m.81 views

CVE-2007-1215

CVE-2007-1215 is a Local Elevation of Privilege vulnerability in the Graphics Device Interface (GDI) of Windows. The issue arises when rendering certain images with color-related parameters, causing an unchecked buffer/length handling in GDI. A logged-on attacker could potentially gain full contr...

7.2CVSS6.5AI score0.02721EPSS
CVE
CVE
added 2007/11/14 1:0 a.m.81 views

CVE-2007-3898

The CVE-2007-3898 issue affects the DNS server in Microsoft Windows 2000 Server SP4 and Windows Server 2003 SP1/SP2. The underlying problem is the use of predictable DNS transaction IDs when the server queries other DNS servers, which enables remote spoofing of DNS replies and can lead to DNS cac...

6.4CVSS6.3AI score0.55127EPSS
CVE
CVE
added 2009/03/11 2:0 p.m.81 views

CVE-2009-0234

CVE-2009-0234 concerns the DNS Resolver Cache Service (DNSCache) in Windows DNS Server. The vulnerability arises from the DNS server’s handling of crafted DNS responses, where improper caching could let remote attackers predict transaction IDs and poison caches by sending numerous crafted queries...

6.4CVSS6.3AI score0.34442EPSS
CVE
CVE
added 2009/12/09 6:0 p.m.81 views

CVE-2009-3671

CVE-2009-3671 concerns Microsoft Internet Explorer 8. The issue is a memory handling vulnerability where an object that is either not properly initialized or has been deleted is accessed, causing memory corruption and enabling remote code execution. The vulnerability is described as Uninitialized...

9.3CVSS7.2AI score0.21038EPSS
CVE
CVE
added 2010/01/13 7:0 p.m.81 views

CVE-2010-0018

CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...

9.3CVSS7.7AI score0.26523EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.81 views

CVE-2010-0234

The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...

4.7CVSS6AI score0.01932EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.80 views

CVE-1999-0717

Microsoft Excel 97 is affected by CVE-1999-0717, enabling a remote attacker to disable the virus warning mechanism. Connected documents confirm the product and impact but do not provide root-cause details, affected subcomponents/versions beyond Excel 97, exploitation status, or remediation steps.

2.6CVSS7AI score0.05843EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.80 views

CVE-2002-0366

CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...

7.2CVSS7.6AI score0.02811EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.80 views

CVE-2002-0864

CVE-2002-0864 corresponds to a Microsoft RDP flaw affecting Windows XP (RDP 5.1) where a Remote Desktop PDU Confirm Active packet that omits the Pattern BLT can cause a denial of service (crash). OpenVAS entries also describe an information-disclosure risk from RDP 5.0/5.1 due to unencrypted chec...

5CVSS6.5AI score0.15927EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.80 views

CVE-2003-0469

CVE-2003-0469 describes a buffer-overflow in the HTML Converter (html32.cnv) used by Windows applications (via IE and other components). The flaw can be triggered during a cut‑and‑paste operation with a crafted HR tag (align attribute), potentially allowing remote code execution with the privileg...

7.5CVSS7.8AI score0.49529EPSS
CVE
CVE
added 2004/04/16 4:0 a.m.80 views

CVE-2003-0910

CVE-2003-0910 concerns a privilege-elevation flaw in the Local Descriptor Table (LDT) interface on Windows NT 4.0 and Windows 2000. An attacker must be locally logged on to exploit by creating a malicious LDT entry to gain access to protected memory; Windows XP and Windows Server 2003 are not aff...

7.2CVSS7.8AI score0.27634EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.80 views

CVE-2004-0214

CVE-2004-0214 is a remote code execution vulnerability in the Windows Shell (Shell32) that stems from an unchecked/buffered input condition in the Shell’s handling of messages when launching applications. An attacker could entice a user to visit a malicious Web page or open a crafted file, potent...

10CVSS7.9AI score0.51011EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.80 views

CVE-2006-1184

CVE-2006-1184 describes a Denial of Service in Microsoft Windows’ Distributed Transaction Coordinator (MSDTC) that could crash the MSDTC service when a remote attacker sends a crafted BuildContextW message with a large UuidString or GuidIn. The issue affects MSDTC on Windows NT 4.0, 2000 SP4, XP ...

5CVSS6.3AI score0.29721EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.80 views

CVE-2006-2379

CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...

9.3CVSS7.7AI score0.58027EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.79 views

CVE-1999-0612

CVE-1999-0612 affects the finger service. The finger daemon exposes valid user information to any entity on the network, enabling information disclosure. Affected: finger on UNIX-like systems vulnerable in versions older than the patched release (e.g.,

6.4AI score0.6744EPSS
CVE
CVE
added 2005/06/21 4:0 a.m.79 views

CVE-2002-1700

CVE-2002-1700 describes a cross-site scripting (XSS) flaw in the missing template handler of Macromedia ColdFusion MX. The vulnerability arises because the HTTP request parameter for the template name is not filtered, allowing an attacker to inject script that is echoed in a 404 error message and...

4.3CVSS6.4AI score0.22904EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.79 views

CVE-2005-0053

Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...

7.5CVSS7.6AI score0.6349EPSS
CVE
CVE
added 2005/10/13 4:0 a.m.79 views

CVE-2005-2120

CVE-2005-2120 is a stack-based buffer overflow in the Windows Plug and Play (PnP) service (UMPNPMGR.DLL) on Windows 2000 SP4 and Windows XP SP1/SP2. The overflow occurs when processing a registry key name containing a large number of backslashes, triggered in wsprintfW, allowing remote or local a...

6.5CVSS7.5AI score0.63062EPSS
CVE
CVE
added 2005/07/11 4:0 a.m.79 views

CVE-2005-2150

CVE-2005-2150 affects Windows NT 4.0 and Windows 2000 prior to URP1 for Windows 2000 SP4. It stems from insufficient handling of NULL sessions over alternate named pipes, enabling anonymous access to certain interfaces (svcctl and eventlog). Exploitation could allow an unauthenticated remote atta...

5CVSS6.7AI score0.1926EPSS
CVE
CVE
added 2006/11/14 10:0 p.m.79 views

CVE-2006-4688

CVE-2006-4688 describes a memory corruption/buffer overflow in the Client Service for NetWare (CSNW) on Windows 2000 SP4, XP SP2, and Server 2003 up to SP1. The vulnerability arises from malformed parameters to CSNW API functions, allowing remote code execution via crafted messages. Affected comp...

7.5CVSS7.7AI score0.76878EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.79 views

CVE-2009-1124

This CVE entry covers multiple Windows kernel privilege-escalation flaws (CVE-2009-1123, -1124, -1125, -1126) related to improper validation of changes to kernel objects, user-mode pointers, system-call arguments, and certain desktop parameters. Exploitation is local and requires valid logon cred...

7.2CVSS6.3AI score0.01438EPSS
CVE
CVE
added 2009/12/09 6:0 p.m.79 views

CVE-2009-3674

CVE-2009-3674 affects Microsoft Internet Explorer 8, describing an Uninitialized Memory Corruption vulnerability in how IE8 handles memory objects (uninitialized or deleted) that can enable remote code execution. Multiple records in the connected data corroborate the same memory-corruption vector...

9.3CVSS7.2AI score0.26261EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.79 views

CVE-2010-0488

CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...

6.5CVSS5.9AI score0.29229EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.78 views

CVE-2002-0151

CVE-2002-0151 describes a buffer overflow in the Windows Multiple UNC Provider (MUP) that can permit a local attacker to cause a denial of service or gain Local SYSTEM privileges by sending an overlong UNC request. Technical sources in the connected documents show this affects Windows NT 4.0, Win...

7.2CVSS6.9AI score0.03584EPSS
CVE
CVE
added 2005/10/11 4:0 a.m.78 views

CVE-2005-1979

CVE-2005-1979 affects the Microsoft Distributed Transaction Coordinator (MSDTC) TIP handling. A denial-of-service can occur when a remote attacker sends a crafted TIP message, potentially terminating MSDTC and affecting dependent services. The issue is mitigated by MS05-051 updates across Windows...

5CVSS6.6AI score0.36279EPSS
CVE
CVE
added 2005/10/11 4:0 a.m.78 views

CVE-2005-2119

Mode C: CVE-2005-2119 is discussed in connected docs as a MSDTC DoS variant: remote attackers can crash MSDTC by sending a BuildContextW request with a large UuidString or GuidIn, causing out-of-range memory access. It notes this is a variant of CVE-2005-2119 and affects the Microsoft Distributed...

5CVSS6.2AI score0.39128EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.78 views

CVE-2008-2249

The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...

9.3CVSS7.8AI score0.31122EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.78 views

CVE-2008-2250

CVE-2008-2250 refers to a Windows kernel elevation-of-privilege vulnerability where the kernel fails to properly validate window properties passed from a parent to a child during new window creation. The issue can allow a local attacker to execute arbitrary code in kernel mode and gain full acces...

7.2CVSS6.1AI score0.01635EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.78 views

CVE-2008-4023

The CVE-2008-4023 entry maps to Microsoft Windows 2000 Server SP4 Active Directory. The vulnerability is a memory allocation flaw in the LDAP/LDAPS request handling that can cause a remote code execution when a specially crafted LDAP packet is processed. Impact is remote code execution with full ...

10CVSS7.4AI score0.3917EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.78 views

CVE-2009-1923

CVE-2009-1923 describes a heap-based buffer overflow in the Windows WINS service that can allow remote code execution on Windows 2000 SP4 and Windows Server 2003 SP2. The flaw occurs during WINS replication packet processing, where a buffer-length calculation leads to a heap overflow. Public refe...

9.3CVSS7.9AI score0.24658EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.78 views

CVE-2009-2525

CVE-2009-2525 is the Windows History: The Windows Media Runtime Heap Corruption Vulnerability. A remote code execution flaw exists in Windows Media Runtime (DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager) caused by improper initialization of unspecifi...

9.3CVSS7.4AI score0.23318EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.78 views

CVE-2010-0035

CVE-2010-0035 describes a denial-of-service vulnerability in the Kerberos Key Distribution Center (KDC) on Windows servers (Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold/SP2) when a trust with a non-Windows Kerberos realm exists. The issue arises from improper handling of Ticket-Grantin...

6.3CVSS6.1AI score0.17432EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.78 views

CVE-2010-0819

CVE-2010-0819: Elevation of privilege in the Windows OpenType Compact Font Format (CFF) Driver due to improper validation when copying data from user mode to kernel mode. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7. Local attacker with...

7.2CVSS7.1AI score0.02081EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.77 views

CVE-2006-0034

CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...

7.5CVSS7.9AI score0.30542EPSS
CVE
CVE
added 2006/11/14 9:0 p.m.77 views

CVE-2006-4691

CVE-2006-4691 is a stack-based buffer overflow in the NetpManageIPCConnect function of wkssvc.dll (Workstation service) on Microsoft Windows 2000 SP4 and Windows XP SP2. The vulnerability is triggered by long NetrJoinDomain2 RPC hostname parameters over the network, allowing remote code execution...

10CVSS7.7AI score0.80214EPSS
Web
CVE
CVE
added 2007/08/14 9:0 p.m.77 views

CVE-2007-3034

Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...

9.3CVSS7.7AI score0.54749EPSS
CVE
CVE
added 2008/08/13 12:0 a.m.77 views

CVE-2008-2245

CVE-2008-2245 affects Microsoft Windows Image Color Management System (ICM) via a heap-based overflow in mscms.dll (InternalOpenColorProfile). The vulnerability, in the ICCM/ICM component, allows remote code execution when a crafted image file is opened. Affected systems include Windows 2000 SP4,...

9.3CVSS7.5AI score0.46142EPSS
Total number of security vulnerabilities460