229 matches found
CVE-2008-0083
CVE-2008-0083 affects Microsoft VBScript/JScript scripting engines (VBScript.dll and JScript.dll) version 5.1 and 5.6 used in Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. A vulnerability in decoding scripts in Web pages and in memory loading could allow remote code execution through unknown...
CVE-2010-0238
CVE-2010-0238 corresponds to the Windows Kernel Registry Key Vulnerability. A denial-of-service occurs when the Windows kernel validates registry keys, enabling a crafted local app to cause the system to become unresponsive and reboot on affected products: Windows 2000 SP4, XP SP2/SP3, Server 200...
CVE-2011-1884
CVE-2011-1884 describes a use-after-free vulnerability in the Windows kernel‑mode driver component win32k.sys. The flaw arises from incorrect management of driver objects in the Win32k subsystem, enabling a local attacker to gain privileges by running a crafted application. Affected platforms inc...
CVE-2011-1968
CVE-2011-1968 affects the Remote Desktop Protocol (RDP) implementation in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability arises from improper handling of in-memory RDP packets, enabling an unauthenticated, remote attacker to cause a denial of service (reboot) by triggering acce...
CVE-2008-1086
The CVE-2008-1086 issue concerns the hxvz.dll ActiveX control (HxTocCtrl) used by Microsoft Help 2.5 and exposed in Internet Explorer on Windows XP SP2, Server 2003 SP1/SP2, Vista SP1, and Server 2008. The vulnerability is a memory corruption flaw triggered by malformed arguments to the ActiveX c...
CVE-2009-4311
CVE-2009-4311 describes an unspecified vulnerability in Microsoft's Indeo codec used by Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, enabling remote code execution via crafted media content. Connected documents reference multiple SoCs (OpenVAS/NVD) and Microsoft security advisories (KB95575...
CVE-2011-0088
CVE-2011-0088 is a Windows kernel‑mode privilege elevation vulnerability in the Win32k.sys driver. The root cause is improper validation of data passed from user mode to kernel mode, enabling a local attacker to execute arbitrary code with kernel privileges. Affected products include Windows XP (...
CVE-2011-1233
The CVE-2011-1233 issue affects Windows kernel (win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in win32k.sys that enables local privilege escalation via a craft...
CVE-2009-4310
CVE-2009-4310 concerns the Intel Indeo41 codec used by Windows Media Player. The issue is a stack-based buffer overflow in IV41 streams within AVI containers that allows remote code execution on Windows 2000 SP4, XP SP2/XP SP3, and Server 2003 SP2 when processing crafted video data. Affected comp...
CVE-2010-0917
CVE-2010-0917 is a distinct VBScript vulnerability causing a stack-based buffer overflow via the MsgBox fourth argument when Internet Explorer is used, affecting VBScript.dll on Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. An attacker-user interaction in IE could enable code executi...
CVE-2011-0665
The CVE-2011-0665 issue concerns a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 Gold/SP1. Root cause: incorrect man...
CVE-2011-1232
CVE-2011-1232 affects Windows kernel-Mode drivers (win32k.sys) across XP SP2-SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/SP1, and Windows 7 Gold/SP1. Root cause: NULL pointer dereference in Win32k subsystem allows a crafted application to escalate privileges from local user to ke...
CVE-2011-1235
CVE-2011-1235 is a Windows kernel–mode driver use‑after‑free vulnerability in the Win32k subsystem (win32k.sys). Documents confirm a local privilege‑escalation vector via crafted applications that exploit incorrect driver object management, affecting multiple XP/Server 2003/Vista/Server 2008/Wind...
CVE-2012-1866
CVE-2012-1866 concerns a local privilege escalation in the Windows kernel-mode drivers, specifically the win32k.sys component. The issue arises from improper handling of user-mode input passed to kernel-mode driver objects, enabling a local attacker to gain elevated privileges via a crafted appli...
CVE-2012-1867
CVE-2012-1867 is a local privilege-escalation flaw in Windows where an integer overflow in win32k.sys (font resource handling) could allow a local attacker to gain SYSTEM-level privileges via a crafted TrueType font. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows V...
CVE-2011-0675
CVE-2011-0675 is a local privilege-escalation in Windows caused by a use-after-free in win32k.sys (kernel-mode drivers). Affected are Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold/SP1). The root cause is incorrect management of kernel...
CVE-2011-1228
CVE-2011-1228 affects Microsoft Windows kernel-mode driver component win32k.sys. A NULL pointer de-reference in win32k allowed local attackers to gain kernel-level privileges on affected OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue is...
CVE-2011-1879
CVE-2011-1879 is a local privilege-escalation in Win32k.sys (kernel-mode driver) caused by incorrect driver object management leading to a use-after-free. Affects Windows XP (SP2, SP3), Server 2003 (SP2), Vista (SP1, SP2), Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold, SP1). Successful...
CVE-2011-1226
The CVE-2011-1226 issue is a local privilege-escalation vulnerability in Windows kernel-mode driver code (win32k.sys) caused by a NULL pointer de-reference. A crafted local application can trigger this in multiple supported OS versions, including Windows XP (SP2–SP3), Windows Server 2003 (SP2), W...
CVE-2007-3036
CVE-2007-3036 describes a local privilege-escalation vulnerability in Windows Services for UNIX (WSF) 3.0 and 3.5 and in the Subsystem for UNIX-based Applications on Windows 2000/XP/Server 2003/Vista. The underlying issue is improper handling of setuid binary files which may allow a local, authen...
CVE-2009-4312
CVE-2009-4312 concerns the Microsoft Windows Indeo codec and, per the provided documents, describes an unspecified vulnerability in the Indeo codec on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 that could allow remote code execution via crafted media content. The OpenVAS entries also refer...
CVE-2011-0039
The CVE-2011-0039 entry describes an elevation-of-privilege flaw in the Local Security Authority Subsystem Service (LSASS) on Windows XP SP2/SP3 and Windows Server 2003 SP2. The issue arises when LSASS processes specially crafted authentication requests with a manipulated length, enabling local u...
CVE-2011-0040
The CVE-2011-0040 vulnerability affects Microsoft Active Directory on Windows Server 2003 SP2, where the server mishandles an update request for a Service Principal Name (SPN). This can allow remote attackers to cause a denial of service or authentication outage via crafted SPN update requests th...
CVE-2007-0214
CVE-2007-0214 affects the HTML Help ActiveX control (hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2/Professional, and Windows Server 2003 SP1. The vulnerability arises from improper input validation in HTML Help ActiveX methods, leading to a remote code execution flaw if a user visits a specia...
CVE-2007-1912
CVE-2007-1912 relates to a heap-based buffer overflow in Microsoft Windows’ Help system (WinHelp) triggered by specially crafted .HLP files. The connected advisory CPAI-2007-254 describes a boundary/heap overflow in handling HLP files that could allow a remote attacker to inject and execute arbit...
CVE-2010-0719
CVE-2010-0719 affects multiple Windows client/server OSes (Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7). The root cause is an unspecified API that does not validate arguments, enabling local user privilege to trigger a denial of service (system crash) via a crafted application. T...
CVE-2007-2374
Technical details are not publicly available in the provided documents; no affected products, vulnerable components, vectors, or fixes are specified. Monitor for updates.
CVE-2010-3957
CVE-2010-3957 is a Windows OpenType Font (OTF) driver vulnerability (double-free) affecting Windows XP SP2–SP3, Server 2003 SP2, Vista SP1–SP2, Server 2008 Gold SP2/R2, and Windows 7. The issue resides in the OTF driver’s memory handling while parsing OpenType fonts, enabling local privilege esca...
CVE-2007-2219
CVE-2007-2219 is a remote code-execution flaw in the Win32 API present on Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. The vulnerability stems from improper validation of parameters passed to a Win32 API function, enabling an attacker to execute arbitrary code by convincing a user to view a...