Lucene search

K

29 matches found

CVE
CVE
added 2009/06/10 6:30 p.m.947 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability...

7.8CVSS6.2AI score0.04402EPSS
CVE
CVE
added 2009/07/29 5:30 p.m.173 views

CVE-2009-2493

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly r...

9.3CVSS7.2AI score0.47797EPSS
CVE
CVE
added 2009/11/11 7:30 p.m.152 views

CVE-2009-2512

The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory...

9.8CVSS7.3AI score0.61149EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.124 views

CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the...

7.8CVSS6.4AI score0.70368EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.109 views

CVE-2009-2526

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."

7.8CVSS6.3AI score0.80775EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.101 views

CVE-2009-1925

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecif...

10CVSS7.9AI score0.41899EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.100 views

CVE-2009-1930

The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection ...

10CVSS7.5AI score0.46181EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.97 views

CVE-2009-2532

Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "...

10CVSS7.5AI score0.61784EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.95 views

CVE-2009-1133

Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connectio...

9.3CVSS8.2AI score0.66645EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.90 views

CVE-2009-2494

The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and delet...

10CVSS7.4AI score0.57185EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.78 views

CVE-2009-1536

ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Un...

2.6CVSS6.4AI score0.5248EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.78 views

CVE-2009-2499

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Co...

8.5CVSS7.5AI score0.39788EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.73 views

CVE-2009-2498

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Me...

9.3CVSS7.4AI score0.3851EPSS
CVE
CVE
added 2009/07/15 3:30 p.m.61 views

CVE-2009-0232

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow...

9.3CVSS8.7AI score0.64215EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.61 views

CVE-2009-0568

The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that trig...

10CVSS6.6AI score0.54703EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.60 views

CVE-2009-1920

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption,...

9.3CVSS7.5AI score0.40088EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.60 views

CVE-2009-1929

Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka...

9.3CVSS8.1AI score0.68228EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.57 views

CVE-2009-1544

Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Serve...

9CVSS6.5AI score0.36621EPSS
CVE
CVE
added 2009/07/29 5:30 p.m.57 views

CVE-2009-1919

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted obj...

9.3CVSS7.5AI score0.60976EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.57 views

CVE-2009-2530

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...

9.3CVSS7.2AI score0.42147EPSS
CVE
CVE
added 2009/07/15 3:30 p.m.54 views

CVE-2009-0231

The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncatio...

9.3CVSS8.7AI score0.71385EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.53 views

CVE-2009-1547

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

9.3CVSS7.1AI score0.37945EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.51 views

CVE-2009-2531

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...

9.3CVSS7.2AI score0.42147EPSS
CVE
CVE
added 2009/04/15 8:0 a.m.50 views

CVE-2009-0080

The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging inc...

6.9CVSS6.5AI score0.02154EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.48 views

CVE-2009-1546

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or...

8.5CVSS7.9AI score0.63266EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.46 views

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

9.3CVSS7.2AI score0.26343EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.45 views

CVE-2009-1132

Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerabilit...

9.3CVSS8.5AI score0.45545EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.42 views

CVE-2009-1545

Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI...

9.3CVSS7.5AI score0.57802EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.41 views

CVE-2009-1922

The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MS...

6.9CVSS6.3AI score0.0158EPSS