351 matches found
CVE-2009-0085
CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...
CVE-2009-2511
CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...
CVE-2010-0267
CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...
CVE-2010-0487
CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...
CVE-2010-3939
CVE-2010-3939 describes a local privilege-escalation vulnerability in the Windows kernel via the win32k.sys driver. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP2, and R2), and Windows 7. The root cause is imprope...
CVE-2011-1282
CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...
CVE-2012-1870
CVE-2012-1870 describes a TLS CBC-mode vulnerability allowing plaintext data disclosure during HTTPS sessions (BEAST-like issue). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1. The threat is that an attacker can sniff netwo...
CVE-2008-1436
The CVE-2008-1436 entry describes a privilege-escalation token kidnapping issue in Windows where improper handling of SeImpersonatePrivilege could allow a context-dependant attacker to gain LocalSystem privileges by coordinating between two service processes. Public details in connected MS bullet...
CVE-2008-2249
The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...
CVE-2009-0234
CVE-2009-0234 concerns the DNS Resolver Cache Service (DNSCache) in Windows DNS Server. The vulnerability arises from the DNS server’s handling of crafted DNS responses, where improper caching could let remote attackers predict transaction IDs and poison caches by sending numerous crafted queries...
CVE-2009-3671
CVE-2009-3671 concerns Microsoft Internet Explorer 8. The issue is a memory handling vulnerability where an object that is either not properly initialized or has been deleted is accessed, causing memory corruption and enabling remote code execution. The vulnerability is described as Uninitialized...
CVE-2010-3970
CVE-2010-3970 is a stack-based buffer overflow in CreateSizedDIBSECTION within shimgvw.dll (Windows Shell Graphics Processing). It is triggered by a crafted thumbnail bitmap (e.g., via a negative biClrUsed value) and can allow remote code execution. Affected products include Windows XP SP2/SP3, S...
CVE-2011-1967
CVE-2011-1967 affects the Windows Client/Server Run-time Subsystem (CSRSS) via the Winsrv.dll component. The root cause is improper permission checks when a lower‑integrity process sends inter‑process device‑event messages to a higher‑integrity CSRSS, enabling local privilege escalation. Affected...
CVE-2012-2529
CVE-2012-2529 describes a kernel integer-overflow vulnerability in Microsoft Windows that enables local privilege escalation. The issue affects the Windows kernel on multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause is improper ha...
CVE-2013-3195
The CVE-2013-3195 vulnerability affects the Windows common control library, specifically the DSA_InsertItem function in Comctl32.dll. It describes an integer/ memory allocation overflow that could allow remote code execution when a crafted value is supplied to an ASP.NET web application, affectin...
CVE-2009-1124
This CVE entry covers multiple Windows kernel privilege-escalation flaws (CVE-2009-1123, -1124, -1125, -1126) related to improper validation of changes to kernel objects, user-mode pointers, system-call arguments, and certain desktop parameters. Exploitation is local and requires valid logon cred...
CVE-2009-3674
CVE-2009-3674 affects Microsoft Internet Explorer 8, describing an Uninitialized Memory Corruption vulnerability in how IE8 handles memory objects (uninitialized or deleted) that can enable remote code execution. Multiple records in the connected data corroborate the same memory-corruption vector...
CVE-2010-0016
CVE-2010-0016 is a remote code execution vulnerability in the SMB client of Microsoft Windows (affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2). The root cause is improper validation of fields in SMB responses by the SMB client, which can allow a crafted SMB response from a malicious ...
CVE-2010-1734
The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...
CVE-2010-1887
CVE-2010-1887 affects the Windows kernel‑mode driver win32k.sys and is triggered by improper validation of a system call argument, causing a denial of service (system hang) on XP SP2/3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7. Connected documents also describe rel...
CVE-2010-3941
Summary (CVE-2010-3941) : A local privilege-escalation in Windows is caused by a double-free in the kernel-mode driver win32k.sys. Affects multiple Windows editions: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, and Windows 7. The flaw enables local users to gain full privileg...
CVE-2010-3963
CVE-2010-3963 affects the Windows kernel’s Routing and Remote Access NDProxy driver, notably on Windows XP (SP2/SP3) and Server 2003 SP2. The vulnerability originates from improper validation/copying of data from user mode into the kernel, enabling a local attacker to trigger a kernel-mode privil...
CVE-2013-1287
The CVE-2013-1287 issue affects the USB kernel-mode drivers in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 R2 SP1, 7, 8, Server 2012). Root cause: objects in memory are not properly handled by USB descriptor processing, enabling physically proximate attackers to...
CVE-2009-2525
CVE-2009-2525 is the Windows History: The Windows Media Runtime Heap Corruption Vulnerability. A remote code execution flaw exists in Windows Media Runtime (DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager) caused by improper initialization of unspecifi...
CVE-2010-0234
The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...
CVE-2010-0488
CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...
CVE-2010-2743
The CVE-2010-2743 issue affects Windows XP SP3 kernel-mode components, specifically the Win32k NtUserLoadKeyboardLayoutEx path, where indexing of a function-pointer table during loading of keyboard layouts from disk allows a local user to escalate privileges. The underlying cause is improper hand...
CVE-2011-3415
CVE-2011-3415 is an open redirect vulnerability in the ASP.NET Forms Authentication component of Microsoft .NET Framework (2.0 SP2, 3.5 SP1, 3.5.1, 4.0). The issue arises during return URL validation in the login flow, allowing remote attackers to redirect victims to arbitrary sites and potential...
CVE-2012-1864
CVE-2012-1864/1865 affect Windows kernel-mode, specifically win32k.sys, across multiple XP/2003/Vista/2008/7 builds. The root cause is improper handling of user-mode input passed to kernel-mode driver objects, enabling local privilege escalation. The linked documents confirm two CVEs (1864/1865) ...
CVE-2013-3198
CVE-2013-3198 affects the NTVDM subsystem in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. It relies on improper validation of kernel-memory addresses, enabling local privilege escalation or memory corruption (DoS) via a cr...
CVE-2008-2250
CVE-2008-2250 refers to a Windows kernel elevation-of-privilege vulnerability where the kernel fails to properly validate window properties passed from a parent to a child during new window creation. The issue can allow a local attacker to execute arbitrary code in kernel mode and gain full acces...
CVE-2009-0079
CVE-2009-0079 affects Windows XP (SP2/SP3) and Windows Server 2003 (SP1/SP2). The vulnerability is a failure to isolate multiple RPCSS processes that run under the same account (NetworkService or LocalService), allowing a local user to escalate privileges by accessing resources of sibling RPCSS p...
CVE-2009-1920
The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...
CVE-2011-1284
CVE-2011-1284 is a Windows CSRSS local privilege-escalation vulnerability caused by an integer overflow in the CSRSS SrvWriteConsoleOutput path. Reported root cause: an out-of-bounds/incorrect memory assignment in a user transaction leads to memory corruption and potential kernel-mode code execut...
CVE-2012-1850
CVE-2012-1850 affects the LanmanWorkstation Remote Administration Protocol (RAP) handling in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1). The RAP implementation mishandles RAP responses, enabling remote attackers to cause a...
CVE-2013-3200
CVE-2013-3200 concerns a local-privilege-escalation in Windows USB handling. The vulnerability exists in kernel-mode USB drivers across multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). A crafted USB devi...
CVE-2007-3034
Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...
CVE-2009-2506
The CVE-2009-2506 issue is a memory corruption/heap overflow vulnerability in WordPad and Office text converters when parsing the DocumentSummaryInformation stream of a specially crafted Word 97 DOC file. A remote attacker could execute arbitrary code with the privileges of the logged-on user by ...
CVE-2010-0035
CVE-2010-0035 describes a denial-of-service vulnerability in the Kerberos Key Distribution Center (KDC) on Windows servers (Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold/SP2) when a trust with a non-Windows Kerberos realm exists. The issue arises from improper handling of Ticket-Grantin...
CVE-2011-1231
The CVE-2011-1231 issue affects Microsoft Windows kernel-mode drivers, specifically the Win32k.sys component. The vulnerability is a NULL pointer de-reference in Win32k that allows a local attacker to gain privileges on affected systems (Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server ...
CVE-2011-1237
The CVE-2011-1237 issue affects Windows kernel-mode driver win32k.sys across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7 SP1). Root cause: use-after-free in the win32k.sys driver object management, enabling a local attacker with crafted input to...
CVE-2011-1984
CVE-2011-1984 affects the Windows WINS service on Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1. The vulnerability arises from how WINS processes loopback-interface traffic, allowing local attackers to elevate privileges by sending specially crafted packets. Impact is local ...
CVE-2013-1286
Summary: CVE-2013-1286 is a Windows USB Descriptor Vulnerability. The exposed flaw lies in USB kernel-mode drivers on Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, and Server 2012, where objects in memory are not properly handled, allowing physicall...
CVE-2013-1294
The CVE-2013-1294 entry describes a kernel race-condition vulnerability in the Windows family (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) where improper handling of in-memory objects can be abused by a crafted local application to ...
CVE-2013-1295
CVE-2013-1295 corresponds to a local privilege-escalation flaw in the Windows Client/Server Run-time Subsystem (CSRSS). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. Root cause: improper handling of objects in memory inside ...
CVE-2009-2508
CVE-2009-2508 affects Microsoft Windows ADFS SSO: the single sign-on implementation does not properly discard credentials at end of a session, enabling physically proximate attackers to impersonate a previous user by reusing browser-cache data. Affected are Windows Server 2003 SP2 and Windows Ser...
CVE-2009-2530
CVE-2009-2530 corresponds to an Internet Explorer memory corruption vulnerability (Uninitialized Memory Corruption) that could allow remote code execution when a user views a specially crafted Web page. Connected documents show Microsoft’s MS09-054 cumulative security update for Internet Explorer...
CVE-2010-0236
The CVE-2010-0236 entry concerns a Windows kernel memory allocation vulnerability in which memory is not properly allocated for the destination key when extracting a symbolic‑link registry key. A local attacker could exploit this elevation‑of‑privilege flaw to execute code in kernel mode, potenti...
CVE-2010-1883
CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...
CVE-2011-1985
CVE-2011-1985 affects the Windows kernel-mode driver win32k.sys. The issue arises from improper validation of user-mode input in Win32k, enabling local users to gain privileges or cause a denial of service via a crafted application, leading to a NULL pointer dereference and system crash. Affected...