229 matches found
CVE-2010-1882
CVE-2010-1882 corresponds to a memory corruption/buffer overflow in the Microsoft DirectShow MPEG Layer-3 Audio Codec (l3codecx.ax). The vulnerability exists in the MPEG Layer-3 codec used by Windows Media/DirectShow and can be triggered by a specially crafted MPEG‑L3 audio stream in a media file...
CVE-2010-3943
CVE-2010-3943 affects Windows kernel-mode Win32k.sys, where driver objects are not properly linked, enabling local privilege escalation through linked-list corruption. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP...
CVE-2010-4562
CVE-2010-4562 affects Microsoft Windows platforms when using IPv6. It allows remote attackers to infer if a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and observing an Echo Reply (as demonstrated by thcping). The entry notes a typographical collision: so...
CVE-2011-0090
CVE-2011-0090 concerns Win32k.sys in the kernel-mode drivers of affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability stems from improper validation of data passed from user mode to kernel mode, enabling local privilege e...
CVE-2011-1885
The CVE-2011-1885 issue affects Win32k.sys in multiple Windows OS versions (Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/R2 SP1, Windows 7 Gold/SP1). It is a local privilege escalation caused by a NULL pointer dereference in kernel‑mode drivers, allowing a crafted a...
CVE-2010-0483
CVE-2010-0483 targets VBScript.dll in VBScript 5.1/5.6/5.7/5.8 on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. When Internet Explorer is used, referencing a crafted .hlp file via the MsgBox function’s helpfile argument (local, UNC, or WebDAV) can lead to code execution via winhlp32.exe if t...
CVE-2010-0484
CVE-2010-0484 affects Windows kernel-mode drivers in win32k.sys. The vulnerability arises from improper validation/memory handling when processing Device Contexts (DC) via GetDCEx, enabling local users to execute arbitrary code in kernel mode (ring0) on affected Windows versions. Affected are Win...
CVE-2010-0811
CVE-2010-0811 corresponds to a remote code execution vulnerability in the Internet Explorer 8 Developer Tools ActiveX control (iedvtool.dll). Public sources (OpenVAS/Nessus entries) tie this to Microsoft IE/Win components and list affected Windows versions including 2000 SP4, XP SP2/SP3, Server 2...
CVE-2010-3974
CVE-2010-3974 is a memory corruption vulnerability in the Windows Fax Cover Page Editor (fxscover.exe) that occurs when parsing crafted Fax cover pages (.cov). A remote attacker could execute arbitrary code on affected systems by convincing a user to open a malicious fax cover page file. Affected...
CVE-2011-1894
The CVE-2011-1894 issue affects the MHTML protocol handler used by Microsoft Windows components (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/R2, Windows 7 SP1). The vulnerability arises from improper handling of a MIME format in requests for embedded content within an HTML docume...
CVE-2009-2513
CVE-2009-2513 is the Win32k Insufficient Data Validation Vulnerability affecting the Windows kernel-mode GDI path (win32k.sys). The issue stems from improper validation of user-mode input in the GDI subsystem, allowing local users to execute arbitrary code in kernel mode and escalate privileges. ...
CVE-2010-0494
CVE-2010-0494 is the HTML Element Cross-Domain Vulnerability in Internet Explorer (IE6/6 SP1/7/8) that allows information disclosure when a user drags one IE window across another. The issue affects IE’s handling of cross-domain scripting context and is addressed by Microsoft Security Bulletin MS...
CVE-2010-0812
ISATAP IPv6 Source Address Spoofing vulnerability (CVE-2010-0812) affects Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The flaw in the Windows TCP/IP stack checks the inner IPv6 source in tunneled ISATAP packets, enabling spoofing that could bypass IPv4 source-address ...
CVE-2009-1928
The CVE-2009-1928 entry describes an LSASS Recursive Stack Overflow vulnerability that causes denial of service in Active Directory implementations. Affected software includes: Microsoft Windows 2000 Server SP4, Windows Server 2003 SP2, Windows Server 2008 (Gold and SP2) Active Directory; Active ...
CVE-2010-3940
CVE-2010-3940 is a Windows kernel-mode driver (win32k.sys) vulnerability described as a double-free in the Win32k PFE pointer handling that could allow local privilege elevation. Affected platforms include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Go...
CVE-2011-1247
CVE-2011-1247 describes an untrusted search path vulnerability in the Microsoft Active Accessibility component that affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 RTM/SP1. The underlying flaw is insecure library loading (DLL l...
CVE-2012-1865
CVE-2012-1865 affects Microsoft Windows kernel- mode drivers (notably win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause, as described in the CVE entry, is that user-mode input passed to kernel mode for driver ob...
CVE-2013-1341
CVE-2013-1341 affects the Windows kernel component win32k.sys (kernel-mode drivers) and allows local privilege escalation via a crafted application on several Windows families. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8. Root cause: ...
CVE-2008-1087
CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...
CVE-2009-0230
CVE-2009-0230 : A remote authenticated elevation-of-privilege vulnerability in the Windows Print Spooler allowing an arbitrary DLL to be loaded via a crafted RPC message. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 SP2. Exploitation requires th...
CVE-2009-3675
CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...
CVE-2010-0807
CVE-2010-0807 affects Microsoft Internet Explorer 7 and is caused by improper handling of objects in memory when accessing a deleted object, leading to HTML Rendering Memory Corruption and remote code execution. The issue allows an attacker to run arbitrary code on a vulnerable machine, typically...
CVE-2010-1896
CVE-2010-1896 corresponds to Win32k User Input Validation Vulnerability. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 (Gold/SP2). The flaw is in win32k.sys where user-mode input is not properly validated before kernel-mode ...
CVE-2011-0662
CVE-2011-0662 is a Win32k.sys use-after-free vulnerability in Windows kernel-mode drivers that allows a local user to escalate privileges via a crafted application, due to incorrect driver object management. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2,...
CVE-2011-0676
CVE-2011-0676 affects Windows kernel-mode drivers (notably win32k.sys) across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in the Win32k subsystem that allows local users t...
CVE-2011-1268
CVE-2011-1268 affects the SMB client in various Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The issue is a remote code execution flaw caused by improper parsing of crafted SMB responses (SMBv1 or SMBv2), allowing an attacker to execute ar...
CVE-2013-1344
CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...
CVE-2010-1897
CVE-2010-1897 affects Windows kernel-mode drivers in win32k.sys across Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7. The vulnerability arises from improper validation of pseudo-handle values passed in callback parameters during Crea...
CVE-2010-2742
The CVE affects the Netlogon RPC Service in Windows Server 2003 SP2 and Windows Server 2008 Gold/SP2/R2 when the domain controller role is enabled. A remote attacker can trigger a denial-of-service via a crafted Netlogon RPC packet, causing a NULL pointer dereference and reboot. The issue is docu...
CVE-2011-1876
CVE-2011-1876 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) that allows local privilege escalation by abusing improper driver object management. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2...
CVE-2011-2011
The CVE-2011-2011 issue is a local privilege-escalation vulnerability in Windows kernel components, specifically Win32k.sys, affecting Windows XP, Server 2003, Vista, Server 2008/R2, and Windows 7 (Gold/SP1). Root cause: a use-after-free condition in win32k.sys due to incorrect driver object mana...
CVE-2015-2416
CVE-2015-2416 is a Windows OLE privilege-elevation vulnerability affecting multiple editions (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012). The root cause, as cited across connected sources, is an input-validation flaw in OLE that allows remote at...
CVE-2015-2417
CVE-2015-2417 describes an OLE-based elevation-of-privilege vulnerability in multiple Windows platforms (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1). The root cause is an input validation flaw in OLE t...
CVE-2008-1083
CVE-2008-1083 describes a remote-code-execution vulnerability in the Windows GDI component. The flaw occurs in the CreateDIBPatternBrushPt function when parsing malformed EMF/WMF image headers, leading to a heap-based/integer overflow in GDI and potentially arbitrary code execution on affected sy...
CVE-2010-1255
CVE-2010-1255 maps to the Win32k TrueType Font Parsing Vulnerability in Windows kernel-mode driver win32k.sys. The issue concerns how glyph outline information is provided to user-mode applications, enabling local users to execute arbitrary code in kernel mode. Affected products include Windows 2...
CVE-2010-1894
Win32k Exception Handling Vulnerability (CVE-2010-1894) affects Windows XP SP2/SP3 and Windows Server 2003 SP2 via win32k.sys. Description: the kernel-mode driver does not properly handle certain exceptions, enabling local privilege escalation by a crafted application. Impact: attacker could exec...
CVE-2011-0041
CVE-2011-0041 affects gdiplus.dll (GDI+) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 and Office XP SP3. Root cause: integer overflow in gdiplus!GpPath::CreateDashedPath when processing EMF/EMF+ images, enabling remote code execution. Verified references indicat...
CVE-2011-1880
CVE-2011-1880 affects Windows kernel-mode drivers, specifically Win32k.sys, across multiple OS versions (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold SP2/R2 and R2 SP1, Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in Win32k....
CVE-2011-0677
CVE-2011-0677 targets win32k.sys in Windows kernel-mode drivers, enabling local privilege escalation via a NULL pointer de-reference. A crafted application can trigger the vulnerability on affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 Go...
CVE-2011-1264
Active Directory Certificate Services Web Enrollment (AD CS Web Enrollment) on Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, R2, and R2 SP1 is affected by CVE-2011-1264. The vulnerability is a cross-site scripting (XSS) flaw in the Web Enrollment interface that allows remot...
CVE-2011-1870
CVE-2011-1870 is an integer overflow vulnerability in the Windows CSRSS component of the Win32 subsystem. The flaw occurs in SrvWriteConsoleOutputString, allowing a local attacker to cause memory corruption and potentially elevate privileges to kernel mode on affected systems (Windows XP SP2/SP3 ...
CVE-2007-0066
CVE-2007-0066 describes a denial-of-service in the Windows kernel TCP/IP/ICMP handling when Router Discovery Protocol (RDP) is enabled. The vulnerability arises from how fragmented router advertisement ICMP queries are processed, potentially causing an out-of-bounds read and system unresponsivene...
CVE-2008-3465
CVE-2008-3465 describes a heap overflow in the GDI API used when processing WMF images. The vulnerability arises from parsing a malformed file-size parameter in WMF files, which could allow a remote attacker to cause a denial of service or execute arbitrary code on affected Windows variants. Affe...
CVE-2009-1127
Microsoft Windows kernel Win32k subsystem (Win32k.sys) contains multiple vulnerabilities disclosed under CVE-2009-1127, CVE-2009-2513, and CVE-2009-2514 (MS09-065). The common root cause across the entries is improper validation of arguments passed to kernel/system calls (and related GDI input ha...
CVE-2010-0486
CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...
CVE-2010-1735
The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...
CVE-2011-1240
CVE-2011-1240 is a local privilege-escalation in the Windows kernel via the Win32k.sys use-after-free condition. A crafted local attack can abuse incorrect driver object management to execute code with kernel privileges on affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Ser...
CVE-2011-1874
CVE-2011-1874 is a local privilege-escalation vulnerability in Windows kernel-mode drivers, caused by a use-after-free in Win32k.sys due to incorrect driver object management. Affected products span Windows XP SP2–SP3, Server 2003 SP2, Vista SP1–SP2, Server 2008 Gold/SP2/R2/R2 SP1, and Windows 7 ...
CVE-2011-1882
The CVE-2011-1882 entry documents a local privilege-escalation vulnerability in Windows kernel-mode drivers, specifically in win32k.sys. The issue arises from a use-after-free condition due to incorrect driver object management, enabling a crafted user-space application to trigger privilege escal...
CVE-2008-1457
CVE-2008-1457 describes a remote code execution vulnerability in the Microsoft Windows Event System. The flaw occurs when creating per-user subscriptions, allowing an attacker with valid logon credentials to craft a subscription request that could run arbitrary code with system privileges. Affect...