21 matches found
CVE-2013-5065
NDProxy.sys in the Windows kernel is affected by a local privilege escalation flaw (CVE-2013-5065) caused by improper input validation in the NDPROXY driver. A crafted IOCTL path allows a local attacker to exploit a NULL pointer dereference to escalate privileges on affected systems. Public explo...
CVE-2015-1701
CVE-2015-1701 is a Win32k.sys kernel-mode privilege-escalation flaw affecting Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2. The issue stems from improper handling within win32k, notably around the ClientCopyImage/SetWindowLongPtr path, enabling a crafted user-mode input to execute code...
CVE-2010-0231
CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...
CVE-2010-0020
CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...
CVE-2010-0022
CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...
CVE-2010-0021
CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...
CVE-2008-0015
CVE-2008-0015 is a stack-based buffer overflow in ATL’s CComVariant::ReadFromStream used by the MPEG2TuneRequest ActiveX control in msvidctl.dll (DirectShow). The vulnerability affects multiple Windows versions (2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2) and allows rem...
CVE-2008-0020
Technical details about CVE-2008-0020 are not publicly available in the provided connected documents. Monitor for updates as new information becomes public.
CVE-2007-1765
CVE-2007-1765 refers to a remote code execution/DoS vulnerability in Microsoft Windows (Windows 2000 SP4 through Vista) via a malformed ANI file that corrupts memory while processing cursors/animated cursors/icons in LoadAniIcon() of USER32.dll. Connected sources identify this as MS07-017 (RIFF/A...
CVE-2010-0024
The CVEs concern the Windows SMTP service (smtpsvc.dll) used by Microsoft Windows 2000 SP4, Windows XP SP3, Windows Server 2003 SP2, Windows Server 2008 SP2/R2, Exchange Server 2003 SP3, Exchange Server 2007 SP2, and Exchange Server 2010. CVE-2010-0024 describes a flaw in parsing DNS MX records t...
CVE-2010-1886
CVE-2010-1886 represents a local privilege-escalation issue in Windows where an attacker with access to a process running under the NetworkService account can gain LocalSystem privileges via the Windows Service Isolation mechanism. Documented vectors involve the TAPI Server and other services suc...
CVE-2010-0025
Technical details for CVE-2010-0025 are not provided in the connected documents; only related DNS spoofing CVEs are present. Monitor for updates.
CVE-2011-1229
CVE-2011-1229 is a local privilege-escalation vulnerability in the Windows kernel identified as the Win32k NULL Pointer De-reference. It affects win32k.sys in multiple Windows platforms: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 SP1. A crafted a...
CVE-2009-1923
CVE-2009-1923 describes a heap-based buffer overflow in the Windows WINS service that can allow remote code execution on Windows 2000 SP4 and Windows Server 2003 SP2. The flaw occurs during WINS replication packet processing, where a buffer-length calculation leads to a heap overflow. Public refe...
CVE-2008-3008
CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...
CVE-2009-3675
CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...
CVE-2015-1768
CVE-2015-1768 affects the Windows kernel-mode driver Win32k.sys, specifically on Windows Server 2003 SP2 and R2 SP2, where a memory corruption issue in the kernel can allow local privilege escalation or denial of service. The vulnerability arises from flaws in handling memory/objects in win32k.sy...
CVE-2007-5133
Microsoft Windows Explorer (explorer.exe) is affected by CVE-2007-5133. A crafted PNG file with a large tEXt chunk may trigger an integer overflow in PNG chunk size handling, allowing user‑assisted remote attackers to cause a denial of service (CPU consumption). The connected sources explicitly d...
CVE-2009-1924
The CVE-2009-1924 entry relates to an integer/heap overflow in Microsoft Windows WINS (NetBIOS name resolution). Affected product: Windows Server/Windows 2000 SP4 with WINS service. Vulnerability arises when processing crafted WINS replication packets, allowing remote code execution with SYSTEM p...
CVE-2006-2374
CVE-2006-2374 (SMB Invalid Handle Vulnerability) affects Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The issue is a DoS in MRXSMB.SYS caused by a logic/error in MrxSmbCscIoctlCloseForCopyChunk when given a shadow-device file handle, potentially freezing the system (deadlock). T...
CVE-2008-1451
CVE-2008-1451 affects the Windows WINS service on: Windows 2000 Server SP4, Windows Server 2003 SP1/SP2 (including x64/Itanium variants listed in MS08-034). The vulnerability arises because WINS does not properly validate the data structures of crafted WINS network packets, enabling a local attac...