Windows Vista@- Security Vulnerabilities and Issues — Windows Vista@- CVE List

Lucene search

MicrosoftWindows Vista-

16 matches found

CVE•added 2008/10/23 10:0 p.m.•525 views

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by...

10CVSS9.5AI score0.94126EPSS

CVE•added 2008/10/20 5:59 p.m.•481 views

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

7.1CVSS8.8AI score0.00461EPSS

CVE•added 2008/09/11 1:1 a.m.•114 views

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 20...

9.3CVSS8AI score0.76417EPSS

CVE•added 2008/11/12 11:30 p.m.•107 views

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Ref...

9.3CVSS7.2AI score0.7553EPSS

CVE•added 2008/09/11 1:11 a.m.•86 views

CVE-2008-3014

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital ...

9.3CVSS7.8AI score0.71547EPSS

CVE•added 2008/09/11 1:11 a.m.•66 views

CVE-2008-3012

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, S...

9.3CVSS7.7AI score0.70686EPSS

CVE•added 2008/04/21 5:5 p.m.•59 views

CVE-2008-1436

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second servi...

9CVSS6.5AI score0.61382EPSS

CVE•added 2008/04/08 11:5 p.m.•54 views

CVE-2008-0087

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

8.8CVSS6.8AI score0.58949EPSS

CVE•added 2008/08/13 12:42 p.m.•54 views

CVE-2008-1457

The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.

9CVSS7AI score0.51518EPSS

CVE•added 2008/04/08 11:5 p.m.•53 views

CVE-2008-1083

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, ...

9.3CVSS7.7AI score0.62174EPSS

CVE•added 2008/06/12 2:32 a.m.•51 views

CVE-2008-1441

Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."

5.4CVSS6.3AI score0.57393EPSS

CVE•added 2008/10/09 6:0 p.m.•48 views

CVE-2008-4510

Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.

4.9CVSS6.1AI score0.01034EPSS

CVE•added 2008/04/23 1:5 p.m.•43 views

CVE-2007-6255

Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.

9.3CVSS7.9AI score0.59809EPSS

CVE•added 2008/10/15 12:12 a.m.•43 views

CVE-2008-2252

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruptio...

7.2CVSS6AI score0.01037EPSS

CVE•added 2008/08/13 12:42 p.m.•39 views

CVE-2008-1456

Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function ...

9CVSS7AI score0.55037EPSS

CVE•added 2008/08/13 12:41 a.m.•35 views

CVE-2008-2246

Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.

7.8CVSS6.4AI score0.53579EPSS