351 matches found
CVE-2012-1848
CVE-2012-1848 affects win32k.sys kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, Windows 7 SP1, and Windows 8 Consumer Preview). The underlying issue is improper handling of user-mode input passed to kernel mode, which enabl...
CVE-2009-2494
Microsoft ATL (Active Template Library) in Windows platforms vulnerable to remote code execution due to an erroneous free operation after reading a variant from a stream and deleting it (ATL Object Type Mismatch). Affected products include Windows XP/2000/2003/Vista/Server editions as listed in M...
CVE-2009-1537
Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...
CVE-2011-0661
CVE-2011-0661 describes a remote code execution vulnerability in the Windows SMB Server service. The root cause is improper validation of fields in SMB requests by the SMB Server, allowing an unauthenticated remote attacker to execute arbitrary code via a malformed SMBv1 or SMBv2 packet. Affected...
CVE-2011-3417
The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...
CVE-2015-0015
The CVE-2015-0015 issue affects Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold/R2, where crafted username strings sent to IAS/NPS trigger a remote denial of service (system hang/RADIUS outage). Root cause: improper parsing of username queries in NPS/IAS. Impact: DoS; ex...
CVE-2012-0003
CVE-2012-0003 is a remote-code-execution issue in Windows Multimedia Library (winmm.dll) used by Windows Media Player. A specially crafted MIDI file can trigger the vulnerability, leading to arbitrary code execution with the user’s context. Affected products include Windows XP SP2/SP3, Windows Se...
CVE-2013-3129
CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...
CVE-2014-6355
CVE-2014-6355 concerns a vulnerability in the Microsoft Graphics Component where JPEG decoding in memory is mishandled, enabling information disclosure when a user visits a crafted web site. Affected products include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...
CVE-2008-1454
Technical details about CVE-2008-1454 (affected product, vulnerable component, impact, patch) are not publicly provided in the connected documents. Monitor for updates.
CVE-2014-0317
CVE-2014-0317 is the SAMR Security Feature Bypass vulnerability in Microsoft Windows, affecting Windows XP SP2-SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows Server 2012 (Gold/R2). The issue stems from the Security Account Manager Remote (SAMR) protoc...
CVE-2010-0269
CVE-2010-0269 is a remote code execution vulnerability in the Microsoft SMB client. The issue arises from improper memory allocation when parsing specially crafted SMB responses, enabling an unauthenticated attacker to execute arbitrary code on a vulnerable system by sending a crafted SMB respons...
CVE-2010-1885
The CVE-2010-1885 entry concerns the Windows Help and Support Center (HelpCtr) in Windows XP and Windows Server 2003. The vulnerability stems from the MPC::HexToNum function in helpctr.exe failing to properly handle malformed escape sequences, allowing a crafted hcp:// URL to bypass the trusted d...
CVE-2010-2566
The CVE-2010-2566 issue is a remote code execution vulnerability in Microsoft Windows SChannel (TLS/SSL) where the SChannel security package fails to properly validate certificate request messages from TLS/SSL servers. This affects Windows XP SP2/SP3 and Windows Server 2003 SP2. An attacker could...
CVE-2011-3400
CVE-2011-3400 is a Windows OLE handling vulnerability affecting XP SP2/SP3 and Windows Server 2003 SP2. The issue stems from improper in-memory handling of OLE objects, allowing remote code execution when a crafted file containing an OLE object is opened. Public references and exploits/documentat...
CVE-2015-0004
CVE-2015-0004 concerns a local privilege-escalation in the Windows User Profile Service (ProfSvc). According to the provided sources, the vulnerability is exploited by a junction attack that loads another user’s UsrClass.dat registry hive, enabling local users to gain privileges. Affected product...
CVE-2009-2498
The CVE-2009-2498 entry corresponds to a code-execution vulnerability in Microsoft Windows Media Format Runtime (versions 9.0, 9.5, 11) and Windows Media Services 9.1/2008, triggered by parsing malformed ASF/WMV/WMA headers. Connected advisories (e.g., CPAI-2014-1114; OpenVAS 901012) corroborate ...
CVE-2011-1991
CVE-2011-1991 describes multiple untrusted search path vulnerabilities in Windows components that allow local privilege elevation via Trojan horse DLLs loaded from the current working directory. Affected products include Windows XP SP2/ SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Ser...
CVE-2010-0555
CVE-2010-0555 affects Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8. The root cause is URLMON sniffing that allows rendering of non-HTML local files as HTML documents after a redirect, bypassing access restrictions and enabling read of arbitrary files. The description identifies this a...
CVE-2012-2556
CVE-2012-2556 : OpenType Font (OTF) parsing vulnerability in Windows kernel‑mode drivers allows remote code execution via a crafted font file. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Root cause: improper hand...
CVE-2011-1281
CVE-2011-1281 affects the Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem across multiple Windows versions: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and Windows 7 Gold/SP1. The issue stems from AllocConsole() handling when...
CVE-2009-2499
The CVE-2009-2499 issue affects Microsoft Windows components: Windows Media Format Runtime versions 9.0, 9.5, and 11, and Windows Media Foundation on Windows Vista (Gold, SP1, SP2) and Server 2008. The vulnerability arises when processing MP3 files with crafted metadata, triggering memory corrupt...
CVE-2009-3677
CVE-2009-3677 describes an elevation-of-privilege bypass in the Internet Authentication Service (IAS) used by Microsoft Windows products. The issue arises because MS-CHAP v2 authentication requests sent over PEAP are not properly validated, allowing remote attackers to gain access to network reso...
CVE-2010-2739
The CVE-2010-2739 issue is a buffer overflow in the Windows win32k.sys CreateDIBPalette() function. A crafted bitmap with a very large color palette, used via GetClipboardData, can crash the system and may allow arbitrary code execution locally on affected Windows versions: XP SP3, Server 2003 R2...
CVE-2013-1278
CVE-2013-1278 describes a kernel race condition in Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. The vulnerability allows local privilege elevation via crafted objects in memory, as part o...
CVE-2009-0320
Microsoft Windows taskmgr.exe Information Disclosure Vulnerability (CVE-2009-0320) affects Windows XP, Server 2003/2008, and Vista. The issue exposes I/O activity measurements for all processes, enabling local users to infer sensitive information by reading the I/O Other Bytes column in Task Mana...
CVE-2013-3661
CVE-2013-3661 affects Windows with the EPATHOBJ::bFlatten function in win32k.sys across Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, and Windows RT. The root cause is improper checking of linked-list traversal in PATHRECORD chains,...
CVE-2008-4038
CVE-2008-4038 describes a remote code execution vulnerability in Microsoft Windows SMB file-name handling (SMB buffer underflow). The issue affects multiple Windows versions (including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, and Server 2008) and arises when a specially craft...
CVE-2010-1895
CVE-2010-1895 affects Windows kernel-mode driver win32k.sys on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is improper memory allocation when copying data from user mode to kernel mode, enabling local privilege escalation via a crafted application. Microsoft released patch MS10...
CVE-2011-1974
Affected software and root cause: The vulnerability CVE-2011-1974 affects the NDISTAPI.sys driver in the Remote Access Service (RAS) on Microsoft Windows XP SP2/SP3 and Windows Server 2003 SP2. It arises from improper validation of user-mode input by the NDISTAPI driver, which can be exploited to...
CVE-2012-2897
CVE-2012-2897 is a Windows kernel‑mode driver vulnerability known as the TrueType Font Parsing vulnerability. It affects multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) and is triggered by processing a craf...
CVE-2013-1345
CVE-2013-1345 affects the Windows kernel-mode driver component Win32k.sys across multiple Windows/Server editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7, 8, Server 2012, Windows RT). The vulnerability arises from improper handling of objects in memory within Win32k...
CVE-2009-0089
CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...
CVE-2010-2744
The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...
CVE-2009-0555
CVE-2009-0555 is a Windows Media Runtime issue affecting the ASF handling in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and ACM. The flaw allows remote code execution via a crafted ASF audio file that uses the Windows Media Speech codec, as described in multiple sources (MS09-...
CVE-2010-3147
CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...
CVE-2011-0029
The CVE-2011-0029 issue affects the Microsoft Remote Desktop Connection client (versions 5.2, 6.0, 6.1, 7.0). It is a local privilege-escalation vulnerability caused by an untrusted search path: a Trojan DLL loaded from the current working directory when a directory contains a .rdp file. Impact i...
CVE-2010-0492
Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...
CVE-2011-0034
The CVE-2011-0034 issue is a stack overflow in the OpenType Compact Font Format (CFF) driver (ATMFD.dll) in Microsoft Windows. It can be triggered by crafted OpenType fonts and allows remote attackers to execute arbitrary code on affected systems. Affected Windows versions include Windows XP SP2/...
CVE-2011-0096
The CVE describes a vulnerability in the MHTML protocol handler where improper processing of MIME-formatted requests for content blocks can allow a remote attacker to trigger client-side effects in Internet Explorer. Connected advisories (MS11-026 and related OpenVAS/Nessus listings) frame this a...
CVE-2013-1277
AFFECTED: Microsoft Windows family (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7 Gold/SP1) – vulnerability in the kernel-mode driver win32k.sys. WHAT: A race condition in win32k.sys that allows local users to gain privileges and read arbitrary kernel memory when a ...
CVE-2015-0006
The CVE-2015-0006 issue is a vulnerability in Microsoft Windows’ Network Location Awareness (NLA) service. The root cause is that NLA does not perform mutual authentication to verify domain connections, enabling a remote attacker to spoof DNS/LDAP responses on a local network and trigger an unint...
CVE-2010-2746
CVE-2010-2746 describes a heap-based buffer overflow in the Windows common controls library, Comctl32.dll, triggered when processing messages from a third-party SVG viewer. A remote code execution risk exists on affected Windows releases (XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008, and W...
CVE-2011-0654
CVE-2011-0654 describes an integer underflow in BowserWriteErrorLogEntry within the CIFS browser service (Mrxsmb.sys/bowser.sys) used by Active Directory; a malformed BROWSER ELECTION message can trigger a heap-based buffer overflow. Affected products include Windows XP SP2/SP3, Windows Server 20...
CVE-2013-1300
CVE-2013-1300 maps to a Win32k memory handling vulnerability in win32k.sys affecting multiple Windows XP/Vista/7/8/2003/Server variants. The issue is a local privilege escalation via a crafted application that abuses kernel memory object handling, enabling an attacker to gain SYSTEM-level privile...
CVE-2010-0027
CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...
CVE-2010-0487
CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...
CVE-2011-1282
CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...
CVE-2009-0085
CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...
CVE-2009-2511
CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...