Lucene search
K

56 matches found

CVE
CVE
added 2010/01/21 7:0 p.m.1047 views

CVE-2010-0232

CVE-2010-0232 is a Windows kernel elevation-of-privilege vulnerability affecting 16‑bit BIOS call handling in NTVDM. When 16‑bit app access is enabled on 32‑bit x86, the kernel fails to validate certain BIOS calls, allowing a local user to craft a VDM_TIB in the TEB and trigger the NTVDM NtVdmCon...

7.8CVSS6.2AI score0.29253EPSS
In wild
CVE
CVE
added 2003/04/02 5:0 a.m.1037 views

CVE-2002-0367

CVE-2002-0367 affects Windows NT/2000 and involves the smss.exe debugging subsystem not properly authenticating connections to privileged processes. This allows a local attacker to gain Administrator or SYSTEM privileges by duplicating a handle to a privileged process. The vulnerability is charac...

7.8CVSS8.9AI score0.05188EPSS
In wild
CVE
CVE
added 2004/07/14 4:0 a.m.1027 views

CVE-2004-0210

CVE-2004-0210 describes a local privilege escalation in the Windows POSIX subsystem affecting Windows NT 4.0 and Windows 2000. The vulnerability is a buffer overflow caused by unchecked message length handling in the POSIX subsystem, enabling a local authenticated user to gain full system privile...

7.8CVSS7.3AI score0.07606EPSS
In wild
CVE
CVE
added 2009/06/10 6:0 p.m.1010 views

CVE-2009-1123

CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...

7.8CVSS6.2AI score0.04918EPSS
In wildWeb
CVE
CVE
added 2004/05/05 4:0 a.m.812 views

CVE-2004-0230

Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.

5CVSS9.1AI score0.80855EPSS
CVE
CVE
added 2008/10/23 9:0 p.m.667 views

CVE-2008-4250

The CVE-2008-4250 issue is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer/overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...

10CVSS9.5AI score0.98751EPSS
In wild
CVE
CVE
added 2008/10/20 5:0 p.m.522 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

7.1CVSS8.8AI score0.32123EPSS
CVE
CVE
added 2008/11/12 11:0 p.m.154 views

CVE-2008-4037

CVE-2008-4037 describes a remote code-execution condition in various Windows platforms where SMB servers can replay NTLM credentials to a client, enabling arbitrary code execution (SMB Credential Reflection). The issue, demonstrated by backrush, is part of the SMB relay/credential reflection fami...

9.3CVSS7.2AI score0.59136EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.147 views

CVE-2009-1926

CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...

7.8CVSS6.4AI score0.35042EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.145 views

CVE-2009-1930

The CVE-2009-1930 entry describes a Telnet Credential Reflection vulnerability in Windows Telnet service. A remote attacker could trigger arbitrary code execution by replaying NTLM credentials from a client to the Telnet server. Affected products include Windows 2000 (SP4), XP (SP2/SP3), Server 2...

10CVSS7.5AI score0.41388EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.123 views

CVE-2009-1133

CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...

9.3CVSS8.2AI score0.30496EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.122 views

CVE-2004-0574

CVE-2004-0574 affects the NNTP component in Windows NT 4.0 Server, Windows 2000 Server, Windows Server 2003, Exchange 2000/2003, enabling remote code execution via XPAT pattern handling. The issue stems from improper length validation and unchecked buffers, leading to off-by-one and heap-based ov...

10CVSS7.7AI score0.67822EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.122 views

CVE-2009-1925

CVE-2009-1925 is the TCP/IP Timestamps Code Execution vulnerability in Windows. A remote attacker can execute arbitrary code by sending specially crafted TCP/IP packets to a listening service; the flaw arises from the TCP/IP stack not cleaning up state information, causing a field to be misinterp...

10CVSS7.9AI score0.27402EPSS
CVE
CVE
added 2009/01/15 1:0 a.m.118 views

CVE-1999-1593

The connected documents confirm CVE-1999-1593 affects the Windows Internet Naming Service (WINS) and enables remote attackers to cause denial of service or credential theft by a crafted 1Ch registration that redirects the domain controller to a malicious server. The impact is described as complet...

7.6CVSS6.9AI score0.18126EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.112 views

CVE-2009-2494

Microsoft ATL (Active Template Library) in Windows platforms vulnerable to remote code execution due to an erroneous free operation after reading a variant from a stream and deleting it (ATL Object Type Mismatch). Affected products include Windows XP/2000/2003/Vista/Server editions as listed in M...

10CVSS7.4AI score0.42329EPSS
CVE
CVE
added 2002/09/10 4:0 a.m.107 views

CVE-2002-0862

CVE-2002-0862 concerns the CryptoAPI in Microsoft products (Windows 98 through XP; Office for Mac; IE for Mac; Outlook Express for Mac). The issue: the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs fail to properly verify the Basic Constraints of intermediate ...

6.8CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.106 views

CVE-2002-0391

CVE-2002-0391 describes an integer overflow in the xdr_array function of RPC servers using libc/glibc or SunRPC-based code (e.g., dietlibc), enabling remote code execution by passing a large number of RPC arguments. The OpenVAS/DSA entries show Debian advisories addressing this issue across multi...

10CVSS9.9AI score0.58133EPSS
Web
CVE
CVE
added 2007/03/30 12:0 a.m.101 views

CVE-2007-1765

CVE-2007-1765 refers to a remote code execution/DoS vulnerability in Microsoft Windows (Windows 2000 SP4 through Vista) via a malformed ANI file that corrupts memory while processing cursors/animated cursors/icons in LoadAniIcon() of USER32.dll. Connected sources identify this as MS07-017 (RIFF/A...

9.3CVSS7.7AI score0.54326EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.99 views

CVE-2010-0024

The CVEs concern the Windows SMTP service (smtpsvc.dll) used by Microsoft Windows 2000 SP4, Windows XP SP3, Windows Server 2003 SP2, Windows Server 2008 SP2/R2, Exchange Server 2003 SP3, Exchange Server 2007 SP2, and Exchange Server 2010. CVE-2010-0024 describes a flaw in parsing DNS MX records t...

5CVSS6.2AI score0.10746EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.96 views

CVE-2000-1218

The CVE relates to Microsoft Windows 98, NT 4.0, 2000, and XP where the default domain name resolver configuration sets QueryIpMatching to 0. This causes the resolver to accept DNS updates from hosts it did not query, enabling DNS cache poisoning by a remote attacker. The PTSecurity entry confirm...

9.8CVSS7AI score0.06088EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.95 views

CVE-2009-2498

The CVE-2009-2498 entry corresponds to a code-execution vulnerability in Microsoft Windows Media Format Runtime (versions 9.0, 9.5, 11) and Windows Media Services 9.1/2008, triggered by parsing malformed ASF/WMV/WMA headers. Connected advisories (e.g., CPAI-2014-1114; OpenVAS 901012) corroborate ...

9.3CVSS7.4AI score0.2121EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.93 views

CVE-2009-2499

The CVE-2009-2499 issue affects Microsoft Windows components: Windows Media Format Runtime versions 9.0, 9.5, and 11, and Windows Media Foundation on Windows Vista (Gold, SP1, SP2) and Server 2008. The vulnerability arises when processing MP3 files with crafted metadata, triggering memory corrupt...

8.5CVSS7.5AI score0.15546EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.89 views

CVE-2010-1690

CVE-2010-1690 describes a DNS spoofing vulnerability in the Windows SMTP/Exchange DNS handling: smtpsvc.dll before 6.0.2600.5949 does not verify that DNS response transaction IDs match the corresponding query IDs, enabling potential MITM spoofing of DNS responses. Affected products span Windows 2...

6.4CVSS6AI score0.06572EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.87 views

CVE-2009-0087

CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...

9.3CVSS7.5AI score0.25892EPSS
CVE
CVE
added 2008/04/23 10:0 a.m.86 views

CVE-2007-6255

The CVE-2007-6255 issue affects the Microsoft HeartbeatCtl ActiveX control (HeartbeatCtl ActiveX in HRTBEAT.OCX). A buffer overflow occurs when processing the Host parameter, potentially allowing a remote attacker to execute arbitrary code. Exploitation is possible if a user is convinced to view ...

9.3CVSS7.9AI score0.30179EPSS
CVE
CVE
added 2004/07/14 4:0 a.m.85 views

CVE-2004-0213

CVE-2004-0213 - Windows 2000 Utility Manager Privilege Elevation : The flaw occurs when Utility Manager launches winhlp32.exe with Local System privileges. A locally authenticated user can exploit a Shatter-style sequence by sending crafted Windows messages to Utility Manager to trigger winhlp32 ...

7.8CVSS7.6AI score0.21261EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.85 views

CVE-2010-0025

Technical details for CVE-2010-0025 are not provided in the connected documents; only related DNS spoofing CVEs are present. Monitor for updates.

5CVSS6.7AI score0.21491EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.82 views

CVE-2010-1734

The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...

4.9CVSS6.3AI score0.02658EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.78 views

CVE-2002-0055

CVE-2002-0055 affects the SMTP service in Windows 2000, Windows XP Professional, and Exchange 2000. The vulnerability is triggered by a malformed BDAT data transfer request, allowing remote denial-of-service by an attacker. Connected documents corroborate this and reference MS02-012 (MSKB 313450)...

5CVSS6.7AI score0.37564EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.78 views

CVE-2009-1920

The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...

9.3CVSS7.5AI score0.21507EPSS
CVE
CVE
added 2004/04/16 4:0 a.m.77 views

CVE-2004-0119

CVE-2004-0119 describes a remote code execution and potential denial-of-service vulnerability in the Negotiate Security Support Provider (SSP) interface used by SPNEGO authentication in Windows 2000, Windows XP, and Windows Server 2003. The flaw is a buffer overrun in processing authentication pr...

7.5CVSS7.9AI score0.39624EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.76 views

CVE-2008-3008

CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...

9.3CVSS7.6AI score0.54553EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.76 views

CVE-2010-0016

CVE-2010-0016 is a remote code execution vulnerability in the SMB client of Microsoft Windows (affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2). The root cause is improper validation of fields in SMB responses by the SMB client, which can allow a crafted SMB response from a malicious ...

9.3CVSS7.4AI score0.0867EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.75 views

CVE-2010-1689

The Red Hat and NVD entries confirm concrete details for CVE-2010-1689 and CVE-2010-1690: the DNS handling in smtpsvc.dll on Windows and Exchange product lines prior to specific builds uses predictable DNS transaction IDs (CVE-2010-1689) and does not verify that response IDs match queries (CVE-20...

6.4CVSS6AI score0.06628EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.74 views

CVE-2002-0054

CVE-2002-0054 affects the SMTP service in Windows 2000 and the Internet Mail Connector (IMC) in Exchange Server 5.5. The issue stems from improper handling of NTLM authentication responses, enabling remote attackers to relay mail via SMTP AUTH using a null session. Public references describe this...

7.5CVSS6.8AI score0.22328EPSS
CVE
CVE
added 2009/07/15 3:0 p.m.73 views

CVE-2009-0231

CVE-2009-0231 concerns a heap-based overflow in the Embedded OpenType Font Engine (T2EMBED.DLL) used by Microsoft Windows. The vulnerability stems from an integer truncation while processing OpenType font records, allowing remote attackers to execute arbitrary code by delivering a crafted EOT/Ope...

9.3CVSS8.7AI score0.37453EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.71 views

CVE-2001-1452

Affected software: Windows NT 4.0 and Windows 2000 Server. Vulnerability: DNS servers cache glue records from non-delegated name servers by default, enabling remote attackers to poison the DNS cache via spoofed DNS responses. Root cause: Default caching behavior of glue records. Impact: DNS cache...

7.5CVSS7.1AI score0.0938EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.71 views

CVE-2008-0087

CVE-2008-0087 describes a DNS spoofing vulnerability in the Windows DNS client. The issue stems from insufficient randomness in DNS transaction IDs, allowing remote attackers to spoof responses for vulnerable Windows clients (Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, and Vista). The OpenVAS ...

8.8CVSS6.8AI score0.32446EPSS
CVE
CVE
added 2005/10/13 4:0 a.m.70 views

CVE-2005-1987

CVE-2005-1987 is a remote code execution vulnerability in Microsoft Collaboration Data Objects (CDO) used by CDOSYS/CDOEX on Windows and Exchange. An unchecked buffer triggered by processing a malformed SMTP/email header (e.g., oversized Content-Type) can allow an attacker to execute arbitrary co...

7.5CVSS7.7AI score0.43446EPSS
CVE
CVE
added 2008/11/17 11:0 p.m.70 views

CVE-2008-5112

The CVE describes an LDAP authentication behavior in Microsoft Windows 2000 SP4 and Server 2003 SP1/SP2, where the Active Directory LDAP server responds differently to failed binds based on whether the user exists and is allowed to login. This enables remote attackers to enumerate valid usernames...

5CVSS6.5AI score0.19965EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.70 views

CVE-2009-2519

CVE-2009-2519 describes a remote code execution vulnerability in the DHTML Editing Component ActiveX Control (triedit.dll) bundled with Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The flaw arises when formatting HTML markup, allowing a crafted web page viewed in Internet Explorer to trigge...

9.3CVSS7.3AI score0.25618EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.69 views

CVE-2010-1735

The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...

4.9CVSS6.3AI score0.02491EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.67 views

CVE-2002-0051

CVE-2002-0051 describes a local vulnerability in Windows 2000 where an attacker can prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. Affected products include Windows 2000 Server editions. The underlying issue is the ability to obtain ...

7.8CVSS7.5AI score0.00864EPSS
CVE
CVE
added 2008/11/26 1:0 a.m.66 views

CVE-2008-5232

CVE-2008-5232 : Buffer overflow in the CallHTMLHelp method of the Windows Media Services nskey.dll ActiveX control (version 4.1.00.3917) on Windows NT/2000 and Avaya Media/Message Application servers. Remote attackers can execute arbitrary code via a long argument. Affected component: ActiveX con...

9.3CVSS7.5AI score0.36107EPSS
CVE
CVE
added 2009/07/15 3:0 p.m.66 views

CVE-2009-1539

CVE-2009-1539 concerns a DirectShow DirectX/Quartz component (quartz.dll) in Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The QuickTime Movie Parser Filter fails to validate certain size fields in QuickTime media files, enabling remote code execution via a crafted file or streaming content....

9.3CVSS7.4AI score0.25818EPSS
CVE
CVE
added 2001/08/29 4:0 a.m.65 views

CVE-2001-0509

CVE-2001-0509 affects RPC servers in Microsoft Exchange Server 2000 and earlier, Microsoft SQL Server 2000 and earlier, Windows NT 4.0, and Windows 2000. The vulnerability allows remote attackers to cause a denial of service via malformed inputs. No exploitation details or specific fixes are prov...

5CVSS7.2AI score0.16975EPSS
CVE
CVE
added 2003/05/30 4:0 a.m.65 views

CVE-2003-0227

Microsoft Windows Media Services ISAPI extension (nsiislog.dll) handling unicast/multicast logging on Windows NT 4.0/2000 is vulnerable. A remote attacker can cause IIS denial of service and execute arbitrary code via a crafted network request. OpenVAS notes active code execution vulnerabilities;...

5CVSS7.6AI score0.38782EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.64 views

CVE-2006-0005

The CVE-2006-0005 vulnerability is a buffer overflow in the Windows Media Player plug-in (npdsplay.dll) used by non‑Microsoft browsers. When a user views HTML containing an EMBED tag with a long src attribute, it may allow remote code execution in the user’s context. Affected software includes Wi...

9.3CVSS7.4AI score0.43861EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.62 views

CVE-2008-2252

CVE-2008-2252 maps to a Windows kernel memory corruption vulnerability (Windows kernel memory input validation). The Affected Software includes Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/SP1), and Server 2008. Root cause: the kernel improperly validates input passed from user ...

7.2CVSS6AI score0.019EPSS
CVE
CVE
added 2009/07/15 3:0 p.m.61 views

CVE-2009-1538

The CVE-2009-1538 family affects Microsoft DirectShow (quartz.dll) within DirectX 7.0–9.0c and DirectX/Windows DirectShow on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. A vulnerability exists in pointer validation when updating a QuickTime file, enabling remote code execution if a user ope...

9.3CVSS7.6AI score0.2682EPSS
Total number of security vulnerabilities56