19 matches found
CVE-2006-0010
CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...
CVE-2006-2379
CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...
CVE-2004-0893
This CVE describes two privilege-elevation flaws in Windows components from 2004: (1) the Local Procedure Call (LPC) interface in the Windows kernel fails to validate message lengths, enabling a locally-authenticated attacker to gain full control; and (2) LSASS validates identity tokens improperl...
CVE-2005-1208
CVE-2005-1208 describes a remote code execution vulnerability in Microsoft HTML Help (CHM/InfoTech Storage protocols like ms-its, ms-itss, its, mk:@MSITStore). The root cause is an integer overflow/heap-based buffer overflow when processing crafted CHM content with a large size field, exploitable...
CVE-2004-0568
HyperTerminal for Windows NT 4.0/2000/XP/Server 2003 contains a buffer overflow in session file handling due to improper validation of a value’s length. This allows a remote attacker to execute arbitrary code when a user opens a malicious HyperTerminal session file (.ht), or follows a web/Telnet ...
CVE-2005-1218
CVE-2005-1218 describes a denial-of-service in the Microsoft Windows Remote Desktop Protocol (RDP) service affecting Windows 2000/XP/Server 2003. Root cause: an input-validation flaw in how RDP messages are processed, which could allow a remote attacker to crash the RDP service by sending a craft...
CVE-2006-0012
CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...
CVE-2006-0013
Mode C: Affected software and root cause: Microsoft Windows XP SP1/SP2 and Windows Server 2003 up to SP1 with the Web Client service (WebClnt.dll) are vulnerable. The issue is an unchecked buffer in the Web Client service that handles WebDAV/RPC messages, enabling remote code execution. Impact: a...
CVE-2004-0894
CVE-2004-0894 is a local elevation-of-privilege issue in LSASS on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability stems from incomplete validation of connection information by LSASS, allowing a locally authenticated user to gain complete control of the system by running a...
CVE-2005-1649
CVE-2005-1649 affects Windows XP SP2, Windows Server 2003 SP1, and Longhorn. It describes a LAND-like denial-of-service vector in IPv6 TCP/IP where a crafted TCP SYN packet uses the same source and destination IP and port, causing high CPU or unresponsiveness. The vulnerability is a variant of CV...
CVE-2006-0008
The CVE-2006-0008 issue affects the Korean Input Method Editor (IME) on Windows XP SP1/SP2, Windows Server 2003 up to SP1, and Office 2003. A privilege-elevation flaw exists in the Korean IME; an attacker who can log on (locally or via Remote Desktop/Terminal Services) could exploit the ShellAbou...
CVE-2006-0021
The CVE-2006-0021 issue affects Microsoft Windows TCP/IP implementation on Windows XP SP1/SP2 and Windows Server 2003 up to SP1, where a specially crafted IGMPv3 packet can trigger a denial‑of‑service (system hang). Root cause: failure to properly validate IGMP packets in the TCP/IP stack, allowi...
CVE-2004-1306
The connected advisories confirm a heap-based buffer overflow in winhlp32.exe that can be triggered by a crafted .hlp file, exposing remote code execution on affected Windows versions: Windows NT, Windows 2000 (SP4), Windows XP (SP2), and Windows Server 2003. Root cause: unsafe handling during ph...
CVE-2005-1214
CVE-2005-1214 involves a spoofing flaw in Microsoft Agent that could allow remote attackers to impersonate trusted Internet content and potentially execute arbitrary code when a user visits a malicious Web page. Connected docs confirm the vulnerability (CAN-2005-1214) exists in Microsoft Agent an...
CVE-2005-1184
The CVE-2005-1184 entry describes a DoS in the TCP/IP stack across multiple operating systems: a remote attacker sends a TCP packet with the correct sequence number but an incorrect Acknowledgement number, triggering a flood of keep-alive packets and CPU consumption. The impact is listed as Parti...
CVE-2005-1212
CVE-2005-1212 is a buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe). A crafted bookmark link file with a long User field in extensions .cbo/.cbl/.cbm allows remote code execution, running with the caller’s privileges. The issue affects Step-by-Step Interactive Training ...
CVE-2005-2388
CVE-2005-2388 describes a buffer overflow in a USB driver used on Microsoft Windows that could allow an attacker to execute arbitrary code. The provided documents do not specify the affected product name, exact driver version, or root cause details beyond the general buffer overflow. Exploit info...
CVE-2006-0143
The Connected advisory CPAI-2006-171 documents a denial-of-service flaw in Microsoft Windows’ Graphics Rendering Engine (GRE) when parsing certain WMF files. Specifically, a crafted WMF with ExtCreateRegion or ExtEscape calls can trigger a memory read/parse error in GRE, causing the host applicat...
CVE-2006-3351
CVE-2006-3351 is a Windows Explorer vulnerability (explorer.exe) affecting Windows XP/2003 where parsing of .url files with InternetShortcut tags can overflow the stack. A crafted .url file containing a long URL and many file: specifiers may trigger a denial of service and possibly arbitrary code...