460 matches found
CVE-2004-0118
CVE-2004-0118 : A local privilege-escalation vulnerability in the Virtual DOS Machine (VDM) subsystem on Windows NT 4.0 and Windows 2000. The issue arises from insufficient validation when referencing memory allocated to VDM, allowing a locally logged-on user to gain kernel/system access and exec...
CVE-2009-0568
The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...
CVE-2009-2511
CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...
CVE-2010-0027
CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...
CVE-2010-0487
CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...
CVE-2002-0863
The CVE-2002-0863 issue concerns Microsoft RDP (Remote Desktop Protocol) 5.0 on Windows 2000 and 5.1 on Windows XP, where checksums of plaintext session data are not encrypted. This could allow a remote attacker to sniff encrypted sessions and potentially recover plaintext contents (information d...
CVE-2003-0003
CVE-2003-0003 describes a locally/remotely exploitable buffer overflow in the Microsoft Locator service (RPC Locator) that allows arbitrary code execution when processing overly large RPC requests. Affected products include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and...
CVE-2007-6026
CVE-2007-6026 covers a stack-based buffer overflow in the Microsoft Jet Database Engine (msjet40.dll, 4.0.8618.0) used by Access 2003 in Office 2003 SP3. The vulnerability arises when parsing MDB files with a crafted column structure, allowing a user-assisted attacker to execute arbitrary code. T...
CVE-2009-0085
CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...
CVE-2010-0267
CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...
CVE-2010-1734
The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...
CVE-2000-1089
CVE-2000-1089 is a buffer overflow in Microsoft’s IIS Phone Book Service (pbserver.dll) that, per the description, allows local users to execute arbitrary commands (Phone Book Service Buffer Overflow). Public material references MS00-094 as the corrective update and notes that the vulnerable comp...
CVE-2006-3441
CVE-2006-3441 is a buffer overflow in the DNS Client service of Microsoft Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 that could allow remote code execution with SYSTEM privileges. The issue arises from unchecked buffers in the DNS client handling crafted DNS responses, and MS06-041 and rel...
CVE-2007-1215
CVE-2007-1215 is a Local Elevation of Privilege vulnerability in the Graphics Device Interface (GDI) of Windows. The issue arises when rendering certain images with color-related parameters, causing an unchecked buffer/length handling in GDI. A logged-on attacker could potentially gain full contr...
CVE-2007-3898
The CVE-2007-3898 issue affects the DNS server in Microsoft Windows 2000 Server SP4 and Windows Server 2003 SP1/SP2. The underlying problem is the use of predictable DNS transaction IDs when the server queries other DNS servers, which enables remote spoofing of DNS replies and can lead to DNS cac...
CVE-2009-0234
CVE-2009-0234 concerns the DNS Resolver Cache Service (DNSCache) in Windows DNS Server. The vulnerability arises from the DNS server’s handling of crafted DNS responses, where improper caching could let remote attackers predict transaction IDs and poison caches by sending numerous crafted queries...
CVE-2009-3671
CVE-2009-3671 concerns Microsoft Internet Explorer 8. The issue is a memory handling vulnerability where an object that is either not properly initialized or has been deleted is accessed, causing memory corruption and enabling remote code execution. The vulnerability is described as Uninitialized...
CVE-2010-0018
CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...
CVE-2010-0234
The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...
CVE-1999-0717
Microsoft Excel 97 is affected by CVE-1999-0717, enabling a remote attacker to disable the virus warning mechanism. Connected documents confirm the product and impact but do not provide root-cause details, affected subcomponents/versions beyond Excel 97, exploitation status, or remediation steps.
CVE-2002-0366
CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...
CVE-2002-0864
CVE-2002-0864 corresponds to a Microsoft RDP flaw affecting Windows XP (RDP 5.1) where a Remote Desktop PDU Confirm Active packet that omits the Pattern BLT can cause a denial of service (crash). OpenVAS entries also describe an information-disclosure risk from RDP 5.0/5.1 due to unencrypted chec...
CVE-2003-0469
CVE-2003-0469 describes a buffer-overflow in the HTML Converter (html32.cnv) used by Windows applications (via IE and other components). The flaw can be triggered during a cut‑and‑paste operation with a crafted HR tag (align attribute), potentially allowing remote code execution with the privileg...
CVE-2003-0910
CVE-2003-0910 concerns a privilege-elevation flaw in the Local Descriptor Table (LDT) interface on Windows NT 4.0 and Windows 2000. An attacker must be locally logged on to exploit by creating a malicious LDT entry to gain access to protected memory; Windows XP and Windows Server 2003 are not aff...
CVE-2004-0214
CVE-2004-0214 is a remote code execution vulnerability in the Windows Shell (Shell32) that stems from an unchecked/buffered input condition in the Shell’s handling of messages when launching applications. An attacker could entice a user to visit a malicious Web page or open a crafted file, potent...
CVE-2006-1184
CVE-2006-1184 describes a Denial of Service in Microsoft Windows’ Distributed Transaction Coordinator (MSDTC) that could crash the MSDTC service when a remote attacker sends a crafted BuildContextW message with a large UuidString or GuidIn. The issue affects MSDTC on Windows NT 4.0, 2000 SP4, XP ...
CVE-2006-2379
CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...
CVE-1999-0612
CVE-1999-0612 affects the finger service. The finger daemon exposes valid user information to any entity on the network, enabling information disclosure. Affected: finger on UNIX-like systems vulnerable in versions older than the patched release (e.g.,
CVE-2002-1700
CVE-2002-1700 describes a cross-site scripting (XSS) flaw in the missing template handler of Macromedia ColdFusion MX. The vulnerability arises because the HTTP request parameter for the template name is not filtered, allowing an attacker to inject script that is echoed in a 404 error message and...
CVE-2005-0053
Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...
CVE-2005-2120
CVE-2005-2120 is a stack-based buffer overflow in the Windows Plug and Play (PnP) service (UMPNPMGR.DLL) on Windows 2000 SP4 and Windows XP SP1/SP2. The overflow occurs when processing a registry key name containing a large number of backslashes, triggered in wsprintfW, allowing remote or local a...
CVE-2005-2150
CVE-2005-2150 affects Windows NT 4.0 and Windows 2000 prior to URP1 for Windows 2000 SP4. It stems from insufficient handling of NULL sessions over alternate named pipes, enabling anonymous access to certain interfaces (svcctl and eventlog). Exploitation could allow an unauthenticated remote atta...
CVE-2006-4688
CVE-2006-4688 describes a memory corruption/buffer overflow in the Client Service for NetWare (CSNW) on Windows 2000 SP4, XP SP2, and Server 2003 up to SP1. The vulnerability arises from malformed parameters to CSNW API functions, allowing remote code execution via crafted messages. Affected comp...
CVE-2009-1124
This CVE entry covers multiple Windows kernel privilege-escalation flaws (CVE-2009-1123, -1124, -1125, -1126) related to improper validation of changes to kernel objects, user-mode pointers, system-call arguments, and certain desktop parameters. Exploitation is local and requires valid logon cred...
CVE-2009-3674
CVE-2009-3674 affects Microsoft Internet Explorer 8, describing an Uninitialized Memory Corruption vulnerability in how IE8 handles memory objects (uninitialized or deleted) that can enable remote code execution. Multiple records in the connected data corroborate the same memory-corruption vector...
CVE-2010-0488
CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...
CVE-2002-0151
CVE-2002-0151 describes a buffer overflow in the Windows Multiple UNC Provider (MUP) that can permit a local attacker to cause a denial of service or gain Local SYSTEM privileges by sending an overlong UNC request. Technical sources in the connected documents show this affects Windows NT 4.0, Win...
CVE-2005-1979
CVE-2005-1979 affects the Microsoft Distributed Transaction Coordinator (MSDTC) TIP handling. A denial-of-service can occur when a remote attacker sends a crafted TIP message, potentially terminating MSDTC and affecting dependent services. The issue is mitigated by MS05-051 updates across Windows...
CVE-2005-2119
Mode C: CVE-2005-2119 is discussed in connected docs as a MSDTC DoS variant: remote attackers can crash MSDTC by sending a BuildContextW request with a large UuidString or GuidIn, causing out-of-range memory access. It notes this is a variant of CVE-2005-2119 and affects the Microsoft Distributed...
CVE-2008-2249
The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...
CVE-2008-2250
CVE-2008-2250 refers to a Windows kernel elevation-of-privilege vulnerability where the kernel fails to properly validate window properties passed from a parent to a child during new window creation. The issue can allow a local attacker to execute arbitrary code in kernel mode and gain full acces...
CVE-2008-4023
The CVE-2008-4023 entry maps to Microsoft Windows 2000 Server SP4 Active Directory. The vulnerability is a memory allocation flaw in the LDAP/LDAPS request handling that can cause a remote code execution when a specially crafted LDAP packet is processed. Impact is remote code execution with full ...
CVE-2009-1923
CVE-2009-1923 describes a heap-based buffer overflow in the Windows WINS service that can allow remote code execution on Windows 2000 SP4 and Windows Server 2003 SP2. The flaw occurs during WINS replication packet processing, where a buffer-length calculation leads to a heap overflow. Public refe...
CVE-2009-2525
CVE-2009-2525 is the Windows History: The Windows Media Runtime Heap Corruption Vulnerability. A remote code execution flaw exists in Windows Media Runtime (DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager) caused by improper initialization of unspecifi...
CVE-2010-0035
CVE-2010-0035 describes a denial-of-service vulnerability in the Kerberos Key Distribution Center (KDC) on Windows servers (Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold/SP2) when a trust with a non-Windows Kerberos realm exists. The issue arises from improper handling of Ticket-Grantin...
CVE-2010-0819
CVE-2010-0819: Elevation of privilege in the Windows OpenType Compact Font Format (CFF) Driver due to improper validation when copying data from user mode to kernel mode. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7. Local attacker with...
CVE-2006-0034
CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...
CVE-2006-4691
CVE-2006-4691 is a stack-based buffer overflow in the NetpManageIPCConnect function of wkssvc.dll (Workstation service) on Microsoft Windows 2000 SP4 and Windows XP SP2. The vulnerability is triggered by long NetrJoinDomain2 RPC hostname parameters over the network, allowing remote code execution...
CVE-2007-3034
Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...
CVE-2008-2245
CVE-2008-2245 affects Microsoft Windows Image Color Management System (ICM) via a heap-based overflow in mscms.dll (InternalOpenColorProfile). The vulnerability, in the ICCM/ICM component, allows remote code execution when a crafted image file is opened. Affected systems include Windows 2000 SP4,...