56 matches found
CVE-2010-0232
CVE-2010-0232 is a Windows kernel elevation-of-privilege vulnerability affecting 16‑bit BIOS call handling in NTVDM. When 16‑bit app access is enabled on 32‑bit x86, the kernel fails to validate certain BIOS calls, allowing a local user to craft a VDM_TIB in the TEB and trigger the NTVDM NtVdmCon...
CVE-2002-0367
CVE-2002-0367 affects Windows NT/2000 and involves the smss.exe debugging subsystem not properly authenticating connections to privileged processes. This allows a local attacker to gain Administrator or SYSTEM privileges by duplicating a handle to a privileged process. The vulnerability is charac...
CVE-2004-0210
CVE-2004-0210 describes a local privilege escalation in the Windows POSIX subsystem affecting Windows NT 4.0 and Windows 2000. The vulnerability is a buffer overflow caused by unchecked message length handling in the POSIX subsystem, enabling a local authenticated user to gain full system privile...
CVE-2009-1123
CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...
CVE-2004-0230
Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.
CVE-2008-4250
The CVE-2008-4250 issue is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer/overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...
CVE-2008-4609
CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...
CVE-2008-4037
CVE-2008-4037 describes a remote code-execution condition in various Windows platforms where SMB servers can replay NTLM credentials to a client, enabling arbitrary code execution (SMB Credential Reflection). The issue, demonstrated by backrush, is part of the SMB relay/credential reflection fami...
CVE-2009-1926
CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...
CVE-2009-1930
The CVE-2009-1930 entry describes a Telnet Credential Reflection vulnerability in Windows Telnet service. A remote attacker could trigger arbitrary code execution by replaying NTLM credentials from a client to the Telnet server. Affected products include Windows 2000 (SP4), XP (SP2/SP3), Server 2...
CVE-2009-1133
CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...
CVE-2004-0574
CVE-2004-0574 affects the NNTP component in Windows NT 4.0 Server, Windows 2000 Server, Windows Server 2003, Exchange 2000/2003, enabling remote code execution via XPAT pattern handling. The issue stems from improper length validation and unchecked buffers, leading to off-by-one and heap-based ov...
CVE-2009-1925
CVE-2009-1925 is the TCP/IP Timestamps Code Execution vulnerability in Windows. A remote attacker can execute arbitrary code by sending specially crafted TCP/IP packets to a listening service; the flaw arises from the TCP/IP stack not cleaning up state information, causing a field to be misinterp...
CVE-1999-1593
The connected documents confirm CVE-1999-1593 affects the Windows Internet Naming Service (WINS) and enables remote attackers to cause denial of service or credential theft by a crafted 1Ch registration that redirects the domain controller to a malicious server. The impact is described as complet...
CVE-2009-2494
Microsoft ATL (Active Template Library) in Windows platforms vulnerable to remote code execution due to an erroneous free operation after reading a variant from a stream and deleting it (ATL Object Type Mismatch). Affected products include Windows XP/2000/2003/Vista/Server editions as listed in M...
CVE-2002-0391
CVE-2002-0391 describes an integer overflow in the xdr_array function of RPC servers using libc/glibc or SunRPC-based code (e.g., dietlibc), enabling remote code execution by passing a large number of RPC arguments. The OpenVAS/DSA entries show Debian advisories addressing this issue across multi...
CVE-2002-0862
CVE-2002-0862 concerns the CryptoAPI in Microsoft products (Windows 98 through XP; Office for Mac; IE for Mac; Outlook Express for Mac). The issue: the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs fail to properly verify the Basic Constraints of intermediate ...
CVE-2007-1765
CVE-2007-1765 refers to a remote code execution/DoS vulnerability in Microsoft Windows (Windows 2000 SP4 through Vista) via a malformed ANI file that corrupts memory while processing cursors/animated cursors/icons in LoadAniIcon() of USER32.dll. Connected sources identify this as MS07-017 (RIFF/A...
CVE-2010-0024
The CVEs concern the Windows SMTP service (smtpsvc.dll) used by Microsoft Windows 2000 SP4, Windows XP SP3, Windows Server 2003 SP2, Windows Server 2008 SP2/R2, Exchange Server 2003 SP3, Exchange Server 2007 SP2, and Exchange Server 2010. CVE-2010-0024 describes a flaw in parsing DNS MX records t...
CVE-2000-1218
The CVE relates to Microsoft Windows 98, NT 4.0, 2000, and XP where the default domain name resolver configuration sets QueryIpMatching to 0. This causes the resolver to accept DNS updates from hosts it did not query, enabling DNS cache poisoning by a remote attacker. The PTSecurity entry confirm...
CVE-2009-2498
The CVE-2009-2498 entry corresponds to a code-execution vulnerability in Microsoft Windows Media Format Runtime (versions 9.0, 9.5, 11) and Windows Media Services 9.1/2008, triggered by parsing malformed ASF/WMV/WMA headers. Connected advisories (e.g., CPAI-2014-1114; OpenVAS 901012) corroborate ...
CVE-2009-2499
The CVE-2009-2499 issue affects Microsoft Windows components: Windows Media Format Runtime versions 9.0, 9.5, and 11, and Windows Media Foundation on Windows Vista (Gold, SP1, SP2) and Server 2008. The vulnerability arises when processing MP3 files with crafted metadata, triggering memory corrupt...
CVE-2010-1690
CVE-2010-1690 describes a DNS spoofing vulnerability in the Windows SMTP/Exchange DNS handling: smtpsvc.dll before 6.0.2600.5949 does not verify that DNS response transaction IDs match the corresponding query IDs, enabling potential MITM spoofing of DNS responses. Affected products span Windows 2...
CVE-2009-0087
CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...
CVE-2007-6255
The CVE-2007-6255 issue affects the Microsoft HeartbeatCtl ActiveX control (HeartbeatCtl ActiveX in HRTBEAT.OCX). A buffer overflow occurs when processing the Host parameter, potentially allowing a remote attacker to execute arbitrary code. Exploitation is possible if a user is convinced to view ...
CVE-2010-0025
Technical details for CVE-2010-0025 are not provided in the connected documents; only related DNS spoofing CVEs are present. Monitor for updates.
CVE-2004-0213
CVE-2004-0213 - Windows 2000 Utility Manager Privilege Elevation : The flaw occurs when Utility Manager launches winhlp32.exe with Local System privileges. A locally authenticated user can exploit a Shatter-style sequence by sending crafted Windows messages to Utility Manager to trigger winhlp32 ...
CVE-2010-1734
The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...
CVE-2002-0055
CVE-2002-0055 affects the SMTP service in Windows 2000, Windows XP Professional, and Exchange 2000. The vulnerability is triggered by a malformed BDAT data transfer request, allowing remote denial-of-service by an attacker. Connected documents corroborate this and reference MS02-012 (MSKB 313450)...
CVE-2009-1920
The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...
CVE-2004-0119
CVE-2004-0119 describes a remote code execution and potential denial-of-service vulnerability in the Negotiate Security Support Provider (SSP) interface used by SPNEGO authentication in Windows 2000, Windows XP, and Windows Server 2003. The flaw is a buffer overrun in processing authentication pr...
CVE-2008-3008
CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...
CVE-2010-0016
CVE-2010-0016 is a remote code execution vulnerability in the SMB client of Microsoft Windows (affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2). The root cause is improper validation of fields in SMB responses by the SMB client, which can allow a crafted SMB response from a malicious ...
CVE-2010-1689
The Red Hat and NVD entries confirm concrete details for CVE-2010-1689 and CVE-2010-1690: the DNS handling in smtpsvc.dll on Windows and Exchange product lines prior to specific builds uses predictable DNS transaction IDs (CVE-2010-1689) and does not verify that response IDs match queries (CVE-20...
CVE-2002-0054
CVE-2002-0054 affects the SMTP service in Windows 2000 and the Internet Mail Connector (IMC) in Exchange Server 5.5. The issue stems from improper handling of NTLM authentication responses, enabling remote attackers to relay mail via SMTP AUTH using a null session. Public references describe this...
CVE-2009-0231
CVE-2009-0231 concerns a heap-based overflow in the Embedded OpenType Font Engine (T2EMBED.DLL) used by Microsoft Windows. The vulnerability stems from an integer truncation while processing OpenType font records, allowing remote attackers to execute arbitrary code by delivering a crafted EOT/Ope...
CVE-2001-1452
Affected software: Windows NT 4.0 and Windows 2000 Server. Vulnerability: DNS servers cache glue records from non-delegated name servers by default, enabling remote attackers to poison the DNS cache via spoofed DNS responses. Root cause: Default caching behavior of glue records. Impact: DNS cache...
CVE-2008-0087
CVE-2008-0087 describes a DNS spoofing vulnerability in the Windows DNS client. The issue stems from insufficient randomness in DNS transaction IDs, allowing remote attackers to spoof responses for vulnerable Windows clients (Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, and Vista). The OpenVAS ...
CVE-2005-1987
CVE-2005-1987 is a remote code execution vulnerability in Microsoft Collaboration Data Objects (CDO) used by CDOSYS/CDOEX on Windows and Exchange. An unchecked buffer triggered by processing a malformed SMTP/email header (e.g., oversized Content-Type) can allow an attacker to execute arbitrary co...
CVE-2008-5112
The CVE describes an LDAP authentication behavior in Microsoft Windows 2000 SP4 and Server 2003 SP1/SP2, where the Active Directory LDAP server responds differently to failed binds based on whether the user exists and is allowed to login. This enables remote attackers to enumerate valid usernames...
CVE-2009-2519
CVE-2009-2519 describes a remote code execution vulnerability in the DHTML Editing Component ActiveX Control (triedit.dll) bundled with Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The flaw arises when formatting HTML markup, allowing a crafted web page viewed in Internet Explorer to trigge...
CVE-2010-1735
The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...
CVE-2002-0051
CVE-2002-0051 describes a local vulnerability in Windows 2000 where an attacker can prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. Affected products include Windows 2000 Server editions. The underlying issue is the ability to obtain ...
CVE-2008-5232
CVE-2008-5232 : Buffer overflow in the CallHTMLHelp method of the Windows Media Services nskey.dll ActiveX control (version 4.1.00.3917) on Windows NT/2000 and Avaya Media/Message Application servers. Remote attackers can execute arbitrary code via a long argument. Affected component: ActiveX con...
CVE-2009-1539
CVE-2009-1539 concerns a DirectShow DirectX/Quartz component (quartz.dll) in Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The QuickTime Movie Parser Filter fails to validate certain size fields in QuickTime media files, enabling remote code execution via a crafted file or streaming content....
CVE-2001-0509
CVE-2001-0509 affects RPC servers in Microsoft Exchange Server 2000 and earlier, Microsoft SQL Server 2000 and earlier, Windows NT 4.0, and Windows 2000. The vulnerability allows remote attackers to cause a denial of service via malformed inputs. No exploitation details or specific fixes are prov...
CVE-2003-0227
Microsoft Windows Media Services ISAPI extension (nsiislog.dll) handling unicast/multicast logging on Windows NT 4.0/2000 is vulnerable. A remote attacker can cause IIS denial of service and execute arbitrary code via a crafted network request. OpenVAS notes active code execution vulnerabilities;...
CVE-2006-0005
The CVE-2006-0005 vulnerability is a buffer overflow in the Windows Media Player plug-in (npdsplay.dll) used by non‑Microsoft browsers. When a user views HTML containing an EMBED tag with a long src attribute, it may allow remote code execution in the user’s context. Affected software includes Wi...
CVE-2008-2252
CVE-2008-2252 maps to a Windows kernel memory corruption vulnerability (Windows kernel memory input validation). The Affected Software includes Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/SP1), and Server 2008. Root cause: the kernel improperly validates input passed from user ...
CVE-2009-1538
The CVE-2009-1538 family affects Microsoft DirectShow (quartz.dll) within DirectX 7.0–9.0c and DirectX/Windows DirectShow on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. A vulnerability exists in pointer validation when updating a QuickTime file, enabling remote code execution if a user ope...