229 matches found
CVE-2009-2524
CVE-2009-2524 refers to an Integer Overflow in LSASS during NTLM authentication in multiple Windows versions. A malformed NTLM packet can cause LSASS to crash and reboot the host, i.e., a denial-of-service condition. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows ...
CVE-2011-0657
CVE-2011-0657 affects the DNSAPI.dll DNS client in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 SP1). Root cause: improper processing of DNS queries by the DNS client, enabling remote attackers to run arbitrary code via (1) a crafted L...
CVE-2009-2493
CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...
CVE-2010-0480
CVE-2010-0480 is a remote code execution vulnerability in Microsoft MPEG Layer-3 codecs. The issue arises from multiple stack-based buffer overflows in the MPEG Layer-3 audio decoders (l3codecx.ax and related ACM codecs) when processing crafted AVI files, affecting Windows 2000 SP4, XP SP2/SP3, S...
CVE-2010-0476
CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...
CVE-2009-2500
This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...
CVE-2009-2528
CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...
CVE-2011-2003
CVE-2011-2003 : A buffer overflow in win32k.sys used by kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 RTM/SP1) can be triggered by a crafted .fon file. The vulnerability arises from an input validation error when the ke...
CVE-2010-0231
CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...
CVE-2012-0175
CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...
CVE-2010-0020
CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...
CVE-2015-0005
CVE-2015-0005 (NETLOGON Spoofing Vulnerability) affects Windows as a domain controller feature: the NETLOGON service on Windows Server 2003 SP2, 2008 SP2 and R2 SP1, and Windows Server 2012 Gold/R2, when configured as a Domain Controller, can be abused by remote attackers to spoof the computer na...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2015-2370
CVE-2015-2370 involves an elevation-of-privilege flaw in Windows RPC/DCOM: the DCE/RPC reflection enables a local attacker to gain privileges via a crafted OBJREF, allowing a local user to trigger RPC auth relaying. Affected products span Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2...
CVE-2006-7210
The CVE-2006-7210 entry relates to Microsoft Windows 2000, XP, and Server 2003 where remote attackers can trigger a DoS (CPU consumption) by viewing a crafted PNG image that abuses the IHDR block (specifics: crafted Width and Height values). The vulnerability affects the PNG image handling path i...
CVE-2010-2550
CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...
CVE-2010-3956
CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....
CVE-2009-2507
CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2010-0022
CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...
CVE-2011-1249
CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...
CVE-2010-0021
CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2009-2510
Technical details for CVE-2009-2510 are not publicly provided in the connected documents. Please monitor for updates.
CVE-2009-1537
Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...
CVE-2007-0843
CVE-2007-0843 concerns the ReadDirectoryChangesW API on Windows 2000/XP/2003/Vista. The vulnerability arises because ReadDirectoryChangesW does not check the caller’s permissions for child directories, allowing a user with LIST access to a parent folder to monitor and infer information about file...
CVE-2011-0661
CVE-2011-0661 describes a remote code execution vulnerability in the Windows SMB Server service. The root cause is improper validation of fields in SMB requests by the SMB Server, allowing an unauthenticated remote attacker to execute arbitrary code via a malformed SMBv1 or SMBv2 packet. Affected...
CVE-2009-2504
CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...
CVE-2009-2503
CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...
CVE-2007-0040
CVE-2007-0040 affects Microsoft Windows Active Directory’s LDAP service (Windows 2000 Server SP4, Windows Server 2003 SP1/SP2, x64, Itanium variants). The issue is an LDAP request handling flaw related to the number of convertible attributes, enabling remote attackers to crash the service or exec...
CVE-2010-0269
CVE-2010-0269 is a remote code execution vulnerability in the Microsoft SMB client. The issue arises from improper memory allocation when parsing specially crafted SMB responses, enabling an unauthenticated attacker to execute arbitrary code on a vulnerable system by sending a crafted SMB respons...
CVE-2010-2566
The CVE-2010-2566 issue is a remote code execution vulnerability in Microsoft Windows SChannel (TLS/SSL) where the SChannel security package fails to properly validate certificate request messages from TLS/SSL servers. This affects Windows XP SP2/SP3 and Windows Server 2003 SP2. An attacker could...
CVE-2010-1885
The CVE-2010-1885 entry concerns the Windows Help and Support Center (HelpCtr) in Windows XP and Windows Server 2003. The vulnerability stems from the MPC::HexToNum function in helpctr.exe failing to properly handle malformed escape sequences, allowing a crafted hcp:// URL to bypass the trusted d...
CVE-2011-1281
CVE-2011-1281 affects the Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem across multiple Windows versions: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and Windows 7 Gold/SP1. The issue stems from AllocConsole() handling when...
CVE-2012-2556
CVE-2012-2556 : OpenType Font (OTF) parsing vulnerability in Windows kernel‑mode drivers allows remote code execution via a crafted font file. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Root cause: improper hand...
CVE-2009-2514
CVE-2009-2514 is a Win32k.sys remote code execution vulnerability in the embedded OpenType (EOT) font parsing path. The kernel component on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 parses EOT fonts and can be coerced by a crafted font to execute arbitrary code with kernel privileges. The...
CVE-2015-2371
CVE-2015-2371 corresponds to a Windows Installer Service elevation-of-privilege issue. A local attacker can escalate privileges by abusing a custom action script within an MSI package, affecting multiple Windows editions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, W...
CVE-2010-2739
The CVE-2010-2739 issue is a buffer overflow in the Windows win32k.sys CreateDIBPalette() function. A crafted bitmap with a very large color palette, used via GetClipboardData, can crash the system and may allow arbitrary code execution locally on affected Windows versions: XP SP3, Server 2003 R2...
CVE-2011-1991
CVE-2011-1991 describes multiple untrusted search path vulnerabilities in Windows components that allow local privilege elevation via Trojan horse DLLs loaded from the current working directory. Affected products include Windows XP SP2/ SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Ser...
CVE-2015-2369
CVE-2015-2369 describes an untrusted search path vulnerability in Windows Media Device Manager that allows local privilege escalation by placing a malicious DLL in the current directory, demonstrated via a crafted .RTF file. Affected OS versions include Windows Server 2003 SP2, Windows Vista SP2,...
CVE-2010-1886
CVE-2010-1886 represents a local privilege-escalation issue in Windows where an attacker with access to a process running under the NetworkService account can gain LocalSystem privileges via the Windows Service Isolation mechanism. Documented vectors involve the TAPI Server and other services suc...
CVE-2010-1895
CVE-2010-1895 affects Windows kernel-mode driver win32k.sys on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is improper memory allocation when copying data from user mode to kernel mode, enabling local privilege escalation via a crafted application. Microsoft released patch MS10...
CVE-2015-2365
CVE-2015-2365 affects the Windows kernel component Win32k.sys (kernel-mode driver). A local attacker can gain privileges via a crafted application, leading to privilege escalation on multiple Windows platforms (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/R2, R...
CVE-2010-0252
CVE-2010-0252 describes a remote code execution risk in the Microsoft Data Analyzer ActiveX control (max3activex.dll) used in Office/Excel components. A crafted web page can corrupt the system state and run arbitrary code with the caller’s privileges. Microsoft addressed this via MS10-034, which ...
CVE-2011-1974
Affected software and root cause: The vulnerability CVE-2011-1974 affects the NDISTAPI.sys driver in the Remote Access Service (RAS) on Microsoft Windows XP SP2/SP3 and Windows Server 2003 SP2. It arises from improper validation of user-mode input by the NDISTAPI driver, which can be exploited to...
CVE-2015-2363
CVE-2015-2363 affects Windows kernel-mode graphics/driver component Win32k.sys, enabling local privilege escalation via a crafted application. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server ...
CVE-2007-2228
The CVE-2007-2228 entry describes a denial-of-service flaw in the RPC runtime library rpcrt4.dll on Windows platforms (XP SP2, XP x64, Server 2003 SP1/SP2, Server 2003 x64, Vista and Vista x64). The vulnerability occurs when parsing RPC authentication messages with NTLMSSP and PACKET level, where...
CVE-2010-0485
The CVE-2010-0485 issue affects Windows kernel-mode drivers in win32k.sys across multiple OS versions (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, Windows 7, Server 2008 R2). The vulnerability stems from improper validation of callback parameters when creat...
CVE-2009-0087
CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...
CVE-2010-2744
The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...