254 matches found
CVE-2013-0075
CVE-2013-0075 is a remote DoS in the Windows TCP/IP stack: a crafted packet terminating a TCP connection can reboot affected hosts. Affected: Windows Vista SP2; Windows Server 2008 SP2/R2/R2 SP1; Windows 7 SP1/Gold; Windows 8; Windows Server 2012; Windows RT. Root cause: improper handling of a co...
CVE-2013-1283
CVE-2013-1283 affects Windows kernel-mode drivers, specifically Win32k.sys, with a local privilege-escalation due to race conditions from improper handling of memory objects. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Wind...
CVE-2013-1339
Summary (CVE-2013-1339): The Windows Print Spooler component has a memory management flaw during deletion of printer connections across affected Windows versions (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). This allows remote authenticated users to execu...
CVE-2015-1696
Consolidated details from CNVD entries confirm CVE-2015-1696 concerns Microsoft Windows Journal file handling. The vulnerability arises when processing specially crafted Journal (.jnt) files, enabling a remote attacker to execute arbitrary code. Affected software scope includes Windows editions l...
CVE-2015-2382
CVE-2015-2382 describes an information disclosure in Microsoft Windows where win32k.sys, the kernel-mode portion of Windows, can leak kernel memory contents to local users via a crafted application. Affected products include Windows 8, Windows 8.1, Windows Server 2012 (Gold and R2), and Windows R...
CVE-2013-1284
CVE-2013-1284 is a Windows kernel local privilege escalation caused by a race condition in memory object handling. Affected: Windows 8, Windows Server 2012, and Windows RT (with related entries referencing other Windows versions in risk trackers). Impact cited: local user could gain higher privil...
CVE-2013-1340
CVE-2013-1340 is a Windows kernel local privilege-escalation vulnerability in the Win32k.sys component (Win32k Dereference Vulnerability). The flaw occurs in memory object handling within the Win32k kernel-mode driver and affects multiple Windows platforms including XP SP2/SP3, Server 2003 SP2, V...
CVE-2013-1341
CVE-2013-1341 affects the Windows kernel component win32k.sys (kernel-mode drivers) and allows local privilege escalation via a crafted application on several Windows families. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8. Root cause: ...
CVE-2015-1679
Technical details about CVE-2015-1679 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2015-1699
Affected software: Microsoft Windows with Journal handling (Journal files, .jnt). The vulnerability allows remote code execution via a crafted Journal file, as described across CVE-2015-1699 and CNVD entries, with root cause in how Journal files are parsed. No exploitation details are provided in...
CVE-2015-1720
CVE-2015-1720 is a local privilege-escalation vulnerability in Windows kernel-mode drivers caused by a use-after-free in kernel objects. A crafted application can exploit this to gain elevated privileges (kernel mode). Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, S...
CVE-2015-2550
Summary: CVE-2015-2550 is a Windows kernel elevation-of-privilege vulnerability affecting multiple Windows versions (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT, and Windows 10). The connected sources describe local privilege escalation via a crafted application i...
CVE-2018-6947
CVE-2018-6947 is an uninitialised stack variable vulnerability in the nxfuse component of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier. It enables local, low-privilege users to gain elevation of privileges on Windows 7 (32/64-bit) and can cause a denial of service o...
CVE-2013-1332
CVE-2013-1332 is a local privilege-escalation vulnerability in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys) used by Windows. The issue arises from how objects in memory are handled by the kernel-mode driver, allowing a crafted local user to elevate privileges ("DirectX Graphics Kernel Subs...
CVE-2013-3173
CVE-2013-3173 corresponds to the Win32k.sys kernel-mode driver buffer overflow vulnerability (Win32k Buffer Overwrite Vulnerability) that allows local privilege escalation on affected Windows versions. Documents reference Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP1, 7 SP1, ...
CVE-2013-3879
Win32k Use After Free Vulnerability (CVE-2013-3879): a local privilege-escalation in the win32k.sys kernel-mode driver affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, and RT. Root cause: use-after-free in memory object handling within the W...
CVE-2014-4064
CVE-2014-4064 is a Windows kernel-information-disclosure vulnerability caused by improper use of the paged kernel pool to allocate uninitialized memory in kernel-mode drivers. A local attacker could exploit this to read kernel memory addresses on vulnerable Windows editions (Vista SP2, Server 200...
CVE-2015-1702
CVE-2015-1702 affects the Service Control Manager (SCM) in multiple Windows client and server editions (e.g., Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8/8.1, 2012/2012 R2, RT/RT 8.1). The root cause is that SCM does not properly constrain impersonation levels, allowing a...
CVE-2015-0060
CVE-2015-0060 is a Windows kernel-mode font handling vulnerability affecting the font mapper in win32k.sys across multiple Windows versions (Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, 7, 8, 8.1, Server 2012/2012 R2, RT). The root cause is improper font scaling in the font mapper, which allow...
CVE-2018-7250
CVE-2018-7250 affects secdrv.sys in Microsoft Windows Vista/7/8/8.1 (before KB3086255) and Macrovision SafeDisc. The issue is an uninitialized kernel pool allocation in IOCTL 0xCA002813 that allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. Impact is inf...
CVE-2013-1344
CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...
CVE-2015-0074
CVE-2015-0074 is tied to the Adobe Font Driver in Windows (ATMFD.DLL) and related font engines. The vulnerability arises from improper memory allocation in the driver, enabling remote denial-of-service via crafted fonts loaded from a website or file. Connected sources (MS15-021 and related adviso...
CVE-2015-2416
CVE-2015-2416 is a Windows OLE privilege-elevation vulnerability affecting multiple editions (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012). The root cause, as cited across connected sources, is an input-validation flaw in OLE that allows remote at...
CVE-2015-2417
CVE-2015-2417 describes an OLE-based elevation-of-privilege vulnerability in multiple Windows platforms (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1). The root cause is an input validation flaw in OLE t...
CVE-2013-1334
CVE-2013-1334 concerns a local privilege-escalation in Windows via the Win32k.sys kernel-mode driver. The exposed issue is that Win32k window/object handling can be abused to gain kernel-level privileges through a crafted application, enabling arbitrary code execution with high impact. Affected p...
CVE-2013-3903
CVE-2013-3903 is a local-privilege/DoS issue in Windows kernel‑mode: an array index error in win32k.sys allows a crafted TrueType font to reboot the system on Windows 8, Windows Server 2012 (Gold/R2), Windows RT, and Windows 8.1. The vulnerability stems from the font parsing pathway in the TrueTy...
CVE-2015-0061
CVE-2015-0061 corresponds to a TIFF parsing information-disclosure vulnerability in Microsoft Windows graphics components. The issue arises from improper initialization of memory when processing TIFF images, allowing a remote attacker to extract sensitive information from process memory. Affected...
CVE-2015-0093
CVE-2015-0093 (BLEND vulnerability) is described in Google Project Zero material as a shared-charstring flaw that enables arbitrary PostScript operations with fully reliable control, affecting both the Adobe Reader/ CoolType path and the Windows ATMFD.DLL kernel driver. The root cause is a negati...
CVE-2013-3894
CVE-2013-3894 affects Windows kernel-mode drivers and is triggered by a crafted CMAP table in a TrueType font, enabling remote code execution. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Impact per sources: r...
CVE-2014-2780
CVE-2014-2780 corresponds to a DirectShow elevation-of-privilege vulnerability in Microsoft Windows (affecting Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8, 8.1, and Server 2012). The root cause is an input-validation flaw in DirectShow when processing unserialized Stretch objects, enabling lo...
CVE-2015-0091
CVE-2015-0091 corresponds to a buffer overflow in the Adobe Font Driver (ATMFD.DLL) within Windows’ font rendering stack. The connected materials describe it as a “buffer overflow in a constant-sized allocation” related to font processing, part of a set of ATMFD vulnerabilities (alongside CVE-201...
CVE-2015-1681
CVE-2015-1681 affects multiple Windows versions (Vista SP2, 2008 SP2/R2 SP1, 7 SP1, 8/8.1, 2012 Gold/R2, RT/8.1) and is triggered by handling a crafted .msc file in Microsoft Management Console File Format. The underlying issue is a vulnerability in the MMC icon/destination-buffer handling that c...
CVE-2015-1695
CVE-2015-1695 concerns Windows Journal Remote Code Execution via crafted Journal files. Connected CNVD records describe vulnerability in Windows Journal handling of Journal (.jnt) files that allows remote attackers to craft files parsed by a user to execute arbitrary code, aligning with the CVE f...
CVE-2013-1342
Technical details for CVE-2013-1342 are not publicly available in the provided Connected documents. The initial description contains general vulnerability information only. Monitor for updates from official advisories and vendor advisories to obtain affected products, impact, and remediation spec...
CVE-2013-3136
CVE-2013-3136 describes a local information-disclosure vulnerability in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. The issue stems from how the kernel handles unspecified page-fault system calls, allowing a crafted local...
CVE-2013-3866
CVE-2013-3866 is a Windows kernel‑mode driver privilege escalation in Win32k.sys affecting multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, Server 2012, Windows RT). The root cause is a crafted application that allows local users to gain...
CVE-2015-0079
Microsoft Windows Remote Desktop Protocol (RDP) Denial of Service (CVE-2015-0079) affects Windows 7 SP1, Windows 8/8.1, and Windows Server 2012/2012 R2. The root cause is failure to properly free memory when multiple RDP sessions are established, allowing remote, unauthenticated attackers to exha...
CVE-2015-1719
CVE-2015-1719 is a local information-disclosure vulnerability in Microsoft Windows kernel-mode drivers across multiple OS versions (Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012, RT/RT 8.1). The root issue is information being readable from k...
CVE-2013-3196
The CVE-2013-3198 entry concerns the NTVDM kernel component in 32‑bit Windows platforms (XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8). The vulnerability arises from improper validation of kernel‑memory addresses in NTVDM, enabling local users to gain privileges o...
CVE-2015-0095
CVE-2015-0095 affects Microsoft Windows kernel-mode drivers across multiple OS versions (e.g., Windows Server 2003 SP2, Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012). Root cause: a kernel-mode driver vulnerability enabling local attackers to cause a denial-of-service via N...
CVE-2015-1678
Technical details about CVE-2015-1678 are not provided in the connected documents. The initial entry notes a kernel memory disclosure via Win32k.sys, but lacks specific vulnerable components, affected products, or fixes in the supplied sources. Monitor for updates.
CVE-2015-1698
CVE-2015-1698 affects Windows platforms (Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012 Gold/R2, RT Gold/8.1). The vulnerability arises from handling of specially crafted Journal (.journal/.jnt) files, allowing remote code execution when parsed by an application. Connected CNVD ...
CVE-2013-3865
Win32k Multiple Fetch Vulnerability (CVE-2013-3865) affects multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, Windows RT). It allows local privilege escalation through a crafted application affecting win32k.sys in kernel-mode drivers...
CVE-2013-3887
CVE-2013-3887 describes a local information-disclosure flaw in the Ancillary Function Driver (afd.sys) across multiple Windows kernels (XP SP2, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012). The root cause is improper copy operations in afd.sys that allow a local atta...
CVE-2015-0084
CVE-2015-0084 affects Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8/8.1, Windows Server 2012 (Gold/R2) and Windows RT (Gold/8.1). The Task Scheduler fails to properly constrain impersonation levels, enabling local privilege escalation by launching executables via a crafted task. Public exp...
CVE-2015-0089
Memory-disclosure under CVE-2015-0089 exists in the DLLs/libraries used for PostScript/OpenType font handling (ATMFD.DLL in Windows kernel, Adobe Reader CoolType, DirectWrite, and WPF). The root cause is uninitialized transient memory (32 dwords) read by Charstring interpreters, enabling leakage ...
CVE-2018-7249
CVE-2018-7249 is a kernel-use-after-free in the secdrv.sys driver used by Microsoft Windows Vista/7/8/8.1 (pre-KB3086255) and Macrovision SafeDisc. Two carefully timed IOCTL 0xCA002813 calls can race to free a kernel object, enabling an unprivileged user to execute arbitrary code in the kernel. P...
CVE-2013-1291
CVE-2013-1291 refers to a local-denial-of-service vulnerability in Windows OpenType font parsing via win32k.sys. Exploitation requires local access and a crafted OpenType font can crash/restart the system. Affected OS versions include Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, W...
CVE-2013-1343
Technical details for CVE-2013-1343 are not publicly available in the provided documents; affected components, impact, and remediation are not specified here. Monitor for updates from NVD and EUVD sources.
CVE-2013-2558
Technical details about CVE-2013-2558 are not publicly provided in the supplied documents; no concrete affected products/versions/fixes are specified here. Monitor for updates.