Lucene search
+L

460 matches found

cve
cve
added 2005/01/06 5:0 a.m.73 views

CVE-2004-1305

CVE-2004-1305 refers to a denial-of-service vulnerability in the Windows kernel related to how animated cursor and icon formats are processed. The weakness, described in MS05-002 and related CERT advisories, can be triggered by specially crafted cursor/icon/ani files viewed via Web pages or email...

5CVSS6.5AI score0.6236EPSS
cve
cve
added 2005/07/14 4:0 a.m.72 views

CVE-2001-1560

CVE-2001-1560 involves Win32k.sys (Graphics Device Interface, GDI) on Windows 2000/XP. The vulnerability arises when a local user calls the ShowWindow function after receiving a WM_NCCREATE message, enabling a local DoS (system crash). Documents consistently reference this by name and description...

2.1CVSS6.6AI score0.04948EPSS
cve
cve
added 2003/03/21 5:0 a.m.72 views

CVE-2003-0010

The CVE-2003-0010 issue is a heap-based overflow in the Windows Script Engine (JsArrayFunctionHeapSort in JScript.dll) that can allow remote code execution via a malicious web page or HTML e-mail. Affected component is Windows Script Engine/JScript.dll; exploit arises from handling large array in...

7.5CVSS7.9AI score0.23773EPSS
cve
cve
added 2005/04/13 4:0 a.m.72 views

CVE-2005-0048

CVE-2005-0048 is a Windows IP stack vulnerability (IP Validation Vulnerability) that allows remote code execution or denial of service via crafted IP packets with malformed options. Affected products include Windows XP SP2 and earlier, Windows 2000 SP3/SP4, and Windows Server 2003. The root cause...

7.5CVSS7.6AI score0.45524EPSS
cve
cve
added 2005/08/10 4:0 a.m.72 views

CVE-2005-1218

CVE-2005-1218 describes a denial-of-service in the Microsoft Windows Remote Desktop Protocol (RDP) service affecting Windows 2000/XP/Server 2003. Root cause: an input-validation flaw in how RDP messages are processed, which could allow a remote attacker to crash the RDP service by sending a craft...

5CVSS6.4AI score0.61183EPSS
cve
cve
added 2005/10/11 4:0 a.m.72 views

CVE-2005-1978

CAN-2005-1978 pertains to a COM+ vulnerability in Windows (MS04-era MS05-051 context) where the COM+ component creates/uses memory structures in a way that could allow remote code execution and local privilege escalation. The linked MS05-051 bulletin confirms affected platforms include Windows 20...

7.5CVSS7.2AI score0.56856EPSS
cve
cve
added 2007/04/10 9:0 p.m.72 views

CVE-2007-1206

CVE-2007-1206 describes a Windows Kernel local privilege elevation due to incorrect permissions on a mapped memory segment (PAGE_READWRITE) for a physical memory view, enabling an unprivileged user to modify the zero page and gain privileges. Affected systems include Windows NT 4.0; 2000 SP4; XP ...

7.2CVSS6AI score0.02709EPSS
cve
cve
added 2002/05/03 4:0 a.m.71 views

CVE-2002-0224

MSDTC DoS (CVE-2002-0224) affects Microsoft Windows 2000, IIS 5.x, and SQL Server up to 2000. A DoS can be triggered by sending malformed input to the MSDTC service, potentially causing crashes or hangs. OpenVAS/Nessus refer to MS02-018 as the patch that mitigates related issues; applying that pa...

5CVSS7.1AI score0.2086EPSS
cve
cve
added 2003/07/10 4:0 a.m.71 views

CVE-2003-0496

CVE-2003-0496: Affected software is Microsoft SQL Server on Windows 2000 prior to SP4. By passing a named pipe as an argument to xp_fileexist, a local attacker can impersonate the SQL Server service account due to CreateFile/Named Pipe behavior. Impact is local privilege escalation to the SQL Ser...

7.2CVSS6.4AI score0.04858EPSS
cve
cve
added 2003/10/17 4:0 a.m.71 views

CVE-2003-0711

CVE-2003-0711 describes a stack-based buffer overflow in the PCHealth-HSC (Help and Support Center) HCP URL handling on Windows XP and Windows Server 2003. The unchecked buffer in the HCP protocol-handling file allows remote code execution with SYSTEM/Local privileges when a user clicks a crafted...

7.5CVSS8.1AI score0.33077EPSS
cve
cve
added 2006/04/12 12:0 a.m.71 views

CVE-2006-0012

CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...

5.1CVSS7.5AI score0.24069EPSS
cve
cve
added 2006/09/12 11:0 p.m.71 views

CVE-2006-0032

Microsoft Windows Indexing Service vulnerability (CVE-2006-0032) is a cross-site scripting flaw in the Indexing Service component of Windows 2000/XP/Server 2003 when Encoding is set to Auto Select. An attacker can craft a UTF-7 URL that is injected into an error message, potentially executing scr...

4.3CVSS5.4AI score0.33221EPSS
cve
cve
added 2008/04/08 11:0 p.m.71 views

CVE-2008-1083

CVE-2008-1083 describes a remote-code-execution vulnerability in the Windows GDI component. The flaw occurs in the CreateDIBPatternBrushPt function when parsing malformed EMF/WMF image headers, leading to a heap-based/integer overflow in GDI and potentially arbitrary code execution on affected sy...

9.3CVSS7.7AI score0.57102EPSS
cve
cve
added 2008/04/08 11:0 p.m.71 views

CVE-2008-1087

CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...

9.3CVSS7.8AI score0.56603EPSS
cve
cve
added 2009/06/10 5:37 p.m.71 views

CVE-2009-0230

CVE-2009-0230 : A remote authenticated elevation-of-privilege vulnerability in the Windows Print Spooler allowing an arbitrary DLL to be loaded via a crafted RPC message. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 SP2. Exploitation requires th...

9CVSS6.5AI score0.34878EPSS
cve
cve
added 2010/06/08 10:0 p.m.71 views

CVE-2010-1255

CVE-2010-1255 maps to the Win32k TrueType Font Parsing Vulnerability in Windows kernel-mode driver win32k.sys. The issue concerns how glyph outline information is provided to user-mode applications, enabling local users to execute arbitrary code in kernel mode. Affected products include Windows 2...

6.8CVSS7.2AI score0.05068EPSS
cve
cve
added 1999/09/29 4:0 a.m.70 views

CVE-1999-0372

The CVE concerns the BackOffice Server installer leaking credentials: account names and passwords are written to a setup file (reboot.ini) and not deleted after installation. This exposes partial confidentiality risk on local execution, per the CVSS metrics (Low base score, Local attack vector, n...

2.1CVSS7AI score0.04549EPSS
cve
cve
added 2001/07/27 4:0 a.m.70 views

CVE-2001-0350

Summary: CVE-2001-0350 affects Microsoft Windows 2000 Telnet Service, where the service creates named pipes with predictable names and does not verify them, enabling unprivileged local users to execute arbitrary code in the Local System context by providing a malicious named pipe and triggering c...

4.6CVSS7.1AI score0.01483EPSS
cve
cve
added 2003/04/02 5:0 a.m.70 views

CVE-2002-0597

The CVE-2002-0597 entry concerns Microsoft Windows 2000 where the LANMAN service, enabled by default, processes malformed data sent to port 445 (microsoft-ds). The root cause is that malformed packets exhaust kernel memory/resources, leading to denial of service and degraded or failing system beh...

5CVSS6.6AI score0.515EPSS
cve
cve
added 2005/08/10 4:0 a.m.70 views

CVE-2005-0058

CVE-2005-0058 describes a buffer overflow in the Windows Telephony API (TAPI) that can allow either remote code execution or local privilege elevation, depending on OS/version and configuration. Affected platforms include Windows 98/98 SE/ME, Windows 2000, Windows XP, and Windows Server 2003. The...

7.5CVSS7.4AI score0.50047EPSS
cve
cve
added 2005/06/09 4:0 a.m.70 views

CVE-2005-1935

CVE-2005-1935 documents a heap-based buffer overflow in the BERDecBitString function of Microsoft's ASN.1 library (MSASN1.DLL). The overflow occurs when processing nested constructed bit strings, leading to a realloc of a non-null pointer and potential overwrite of freed memory, demonstrated via ...

7.5CVSS7.9AI score0.26629EPSS
cve
cve
added 2006/05/12 12:0 a.m.70 views

CVE-2006-2334

The CVE-2006-2334 issue affects the Windows NT kernel user-mode path conversion: the RtlDosPathNameToNtPathName_U API in NTDLL.DLL on Windows 2000 SP4 and XP SP2 mishandles DOS-style paths with trailing spaces, allowing context-dependent attackers to create files that aren’t accessible via the ex...

2.1CVSS6.5AI score0.04361EPSS
cve
cve
added 2009/10/14 10:0 a.m.70 views

CVE-2009-2515

CVE-2009-2515 is a Windows kernel local elevation-of-privilege vulnerability caused by an incorrect truncation of a 64-bit value to 32-bit. The issue affects multiple Windows editions listed in MS09-058 (including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008). An ...

7.2CVSS6.1AI score0.01546EPSS
cve
cve
added 2009/10/14 10:0 a.m.70 views

CVE-2009-2516

CVE-2009-2516 concerns a Windows kernel vulnerability where the kernel does not properly validate data while parsing PE files. The issue stems from traversing a chain in user-mode data and can trigger a NULL pointer dereference, potentially allowing local privilege escalation and system instabili...

7.1CVSS6AI score0.0133EPSS
cve
cve
added 2010/04/14 3:44 p.m.70 views

CVE-2010-0478

CVE-2010-0478 is a stack-based buffer overflow in the Windows Media Unicast Service (NUMS.exe) of Windows Media Services on Windows 2000 Server SP4. The vulnerability allows remote code execution via specially crafted transport information packets. Public references indicate exploitation through ...

9.3CVSS8AI score0.63024EPSS
cve
cve
added 2002/06/25 4:0 a.m.69 views

CVE-2002-0070

CVE-2002-0070 describes a buffer overflow in the Windows Shell (the Windows Desktop environment) that can allow arbitrary code execution. The vulnerability stems from an unchecked buffer in the URL handler mapping for applications that have been partially removed; if an application with custom UR...

7.6CVSS7.7AI score0.202EPSS
cve
cve
added 2002/12/17 5:0 a.m.69 views

CVE-2002-1258

CVE-2002-1258 affects Microsoft Virtual Machine (VM) up to build 5.0.3805, as used in Internet Explorer and other applications. The vulnerability allows remote attackers to read files via a Java applet whose CODEBASE parameter in the APPLET tag is spoofed, likely due to a parsing error. Documents...

5CVSS6.8AI score0.15304EPSS
cve
cve
added 2004/04/16 4:0 a.m.69 views

CVE-2003-0663

CVE-2003-0663 is an LDAP Denial of Service vulnerability affecting the Local Security Authority Subsystem Service (LSASS) on Windows 2000 domain controllers. A remote attacker could trigger a denial of service by sending a specially crafted LDAP message to LSASS, causing the domain controller to ...

5CVSS7.2AI score0.31881EPSS
cve
cve
added 2004/12/15 5:0 a.m.69 views

CVE-2004-0894

CVE-2004-0894 is a local elevation-of-privilege issue in LSASS on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability stems from incomplete validation of connection information by LSASS, allowing a locally authenticated user to gain complete control of the system by running a...

7.2CVSS6.5AI score0.03629EPSS
cve
cve
added 2005/02/08 5:0 a.m.69 views

CVE-2005-0047

CVE-2005-0047 relates to a local privilege-escalation vulnerability in Windows OLE/COM Structured Storage handling (CAN-2005-0047) affecting Windows 2000, Windows XP, and Windows Server 2003. The root cause is improper validation of memory regions when processing COM structured storage files, ena...

7.2CVSS7.1AI score0.05132EPSS
cve
cve
added 2005/11/17 11:0 a.m.69 views

CVE-2005-3644

CVE-2005-3644 describes a memory exhaustion/DoS condition in the Windows Plug and Play (PnP) service. The issue arises in UPnP handling via RPC calls (PNP_GetDeviceList) in Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, where a remote attacker can request a large output bu...

7.8CVSS6.7AI score0.47127EPSS
cve
cve
added 2006/06/13 7:0 p.m.69 views

CVE-2006-1313

CVE-2006-1313 is the Microsoft JScript memory corruption remote code execution vulnerability documented in MS06-023. It affects JScript in Windows 98/Me, Windows 2000 SP4, Windows XP (incl. SP1/SP2), and Windows Server 2003 families, including x64/Itanium variants, where JScript may release objec...

6.8CVSS7.4AI score0.28602EPSS
cve
cve
added 2006/11/14 10:0 p.m.69 views

CVE-2006-4689

CVE-2006-4689 covers a NetWare Driver Denial of Service in the Microsoft Client Service for NetWare (CSNW). Affected systems include Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 with SP1. The vulnerability arises from an unchecked handling of a crafted network message that could caus...

5CVSS6.6AI score0.34456EPSS
cve
cve
added 2008/01/08 8:0 p.m.69 views

CVE-2007-0066

CVE-2007-0066 describes a denial-of-service in the Windows kernel TCP/IP/ICMP handling when Router Discovery Protocol (RDP) is enabled. The vulnerability arises from how fragmented router advertisement ICMP queries are processed, potentially causing an out-of-bounds read and system unresponsivene...

7.1CVSS6.2AI score0.31525EPSS
cve
cve
added 2009/03/11 2:0 p.m.69 views

CVE-2009-0094

This CVE describes WPAD/ISATAP spoofing via WINS/DNS server vulnerabilities in Windows 2000 SP4 and Windows Server 2003 SP1/SP2. The root cause is lack of restrictions on registering WPAD/ISATAP names in WINS (and WPAD in DNS in related entries), enabling remote authenticated actors to hijack WPA...

5.5CVSS6.1AI score0.23461EPSS
cve
cve
added 2010/04/14 3:44 p.m.69 views

CVE-2010-0486

CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...

9.3CVSS7.6AI score0.22037EPSS
cve
cve
added 2010/05/05 6:0 p.m.69 views

CVE-2010-1735

The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...

4.9CVSS6.3AI score0.02491EPSS
cve
cve
added 2000/02/04 5:0 a.m.68 views

CVE-1999-0595

CVE-1999-0595 affects Windows NT: during shutdown the system page file is not cleared, potentially leaving sensitive information in the paging file. This is described across multiple sources (NVD entry and various CVE records). The available documents indicate a confidentiality impact (partial) w...

2.1CVSS6.5AI score0.02482EPSS
cve
cve
added 2000/10/13 4:0 a.m.68 views

CVE-2000-0771

CVE-2000-0771 refers to a Windows 2000 vulnerability where a local user can corrupt the local security policy by processing malformed RPC traffic, described as the “Local Security Policy Corruption.” The issue is a local-privilege-consistency disruption with a documented impact of partial availab...

2.1CVSS6.2AI score0.01526EPSS
cve
cve
added 2001/09/18 4:0 a.m.68 views

CVE-2001-0351

The CVE-2001-0351 entry concerns Microsoft Windows 2000 Telnet Service. The vulnerability allows an unprivileged local user to invoke a system call that terminates an existing Telnet session, producing a denial-of-service condition. Affected software is Windows 2000 with the Telnet Service; the u...

2.1CVSS6.3AI score0.01985EPSS
cve
cve
added 2005/07/14 4:0 a.m.68 views

CVE-2001-1517

CVE-2001-1517 affects Windows 2000 RunAs (runas.exe). The issue is that cleartext authentication data is stored in memory, potentially allowing a attacker to recover usernames and passwords by a process sharing the same memory page after a RunAs operation ends. Evidence in connected sources confi...

2.1CVSS6.9AI score0.02121EPSS
cve
cve
added 2007/11/01 5:0 p.m.68 views

CVE-2002-2401

NTVDM.EXE in Windows 2000/NT/XP fails to verify user execution permissions for 16‑bit executables, allowing local users to bypass the loader and run arbitrary programs. Root cause: missing permission verification on 16‑bit file execution. Mitigation/remediation details are not provided in the con...

3.6CVSS7.4AI score0.01808EPSS
cve
cve
added 2004/04/16 4:0 a.m.68 views

CVE-2003-0908

CVE-2003-0908 describes a local privilege-elevation issue in Windows 2000 where Utility Manager can be coerced to launch winhlp32.exe with SYSTEM privileges via crafted Windows messages targeting the Help button, enabling arbitrary code execution (as shown in a Shatter-style vector). Connected so...

7.2CVSS7.5AI score0.27422EPSS
cve
cve
added 2004/12/01 5:0 a.m.68 views

CVE-2004-1080

Summary: CVE-2004-1080 describes a remote memory overwrite in the Windows WINS service (wins.exe) via a crafted WINS replication packet sent to TCP port 42, which could allow arbitrary code execution. Affected products: Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003...

10CVSS7.3AI score0.81699EPSS
cve
cve
added 2005/10/21 4:0 a.m.68 views

CVE-2005-2126

The CVE-2005-2126 entry concerns a tampering vulnerability in the Windows FTP client. Public documentation (MS05-044/MSKB 905495 and CERT 415828) describes that when Enable Folder View for FTP Sites is enabled and a user initiates an FTP transfer, a remote server can craft file names to cause the...

2.6CVSS6.7AI score0.1383EPSS
cve
cve
added 2008/12/10 1:33 p.m.68 views

CVE-2008-3465

CVE-2008-3465 describes a heap overflow in the GDI API used when processing WMF images. The vulnerability arises from parsing a malformed file-size parameter in WMF files, which could allow a remote attacker to cause a denial of service or execute arbitrary code on affected Windows variants. Affe...

9.8CVSS7.8AI score0.13674EPSS
cve
cve
added 2009/03/10 8:0 p.m.68 views

CVE-2009-0081

The CVE-2009-0081 issue is a Windows kernel vulnerability in the Graphics Device Interface (GDI). The flaw occurs when input from user mode is not properly validated by the kernel’s GDI path, enabling remote code execution via crafted WMF/EMF image files. Affected: multiple Windows versions histo...

9.3CVSS7.4AI score0.32106EPSS
cve
cve
added 2009/11/11 7:0 p.m.68 views

CVE-2009-1127

Microsoft Windows kernel Win32k subsystem (Win32k.sys) contains multiple vulnerabilities disclosed under CVE-2009-1127, CVE-2009-2513, and CVE-2009-2514 (MS09-065). The common root cause across the entries is improper validation of arguments passed to kernel/system calls (and related GDI input ha...

7.2CVSS6.1AI score0.01546EPSS
cve
cve
added 2010/02/10 6:0 p.m.68 views

CVE-2010-0023

CVE-2010-0023 affects the Client/Server Runtime Subsystem (CSRSS) on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The vulnerability stems from CSRSS not properly terminating processes after user logout, enabling a local attacker to gain privileges or access sensitive information via a craft...

6.9CVSS6.1AI score0.01812EPSS
cve
cve
added 2010/03/31 7:0 p.m.68 views

CVE-2010-0491

CVE-2010-0491 is the IE HTML Object Memory Corruption vulnerability (Use-after-free) affecting Internet Explorer 5.01 SP4, 6, and 6 SP1. Exploitation requires crafting a page with an onreadystatechange handler to trigger arbitrary code execution; Microsoft documented this as part of MS10-018 and ...

9.3CVSS7.5AI score0.29284EPSS
Total number of security vulnerabilities460