Lucene search

K

48 matches found

CVE
CVE
added 2010/07/22 10:0 a.m.1617 views

CVE-2010-2568

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explor...

9.3CVSS7.7AI score0.93296EPSS
CVE
CVE
added 2010/12/06 1:44 p.m.1004 views

CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (...

7.8CVSS6.8AI score0.14487EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.174 views

CVE-2010-0480

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stac...

9.3CVSS7.5AI score0.81749EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.151 views

CVE-2010-0476

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response ...

10CVSS7.7AI score0.49066EPSS
CVE
CVE
added 2010/09/15 7:0 p.m.127 views

CVE-2010-2729

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create fi...

9.3CVSS9.2AI score0.79463EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.122 views

CVE-2010-3956

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTy...

9.3CVSS6.3AI score0.404EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.113 views

CVE-2010-2550

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SM...

10CVSS9.3AI score0.81407EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.87 views

CVE-2010-2551

The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SM...

7.8CVSS6.4AI score0.66186EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.84 views

CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers ...

10CVSS7.5AI score0.61275EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.80 views

CVE-2010-2552

Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."

7.8CVSS6.4AI score0.68306EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.69 views

CVE-2010-2554

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vuln...

7.8CVSS6.3AI score0.03437EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.68 views

CVE-2010-0492

Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability....

9.3CVSS7.5AI score0.59559EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.67 views

CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute...

7.8CVSS6.7AI score0.00965EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.66 views

CVE-2010-2744

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindow...

7.2CVSS6.1AI score0.03606EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.65 views

CVE-2010-0252

The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remot...

9.3CVSS7.4AI score0.42858EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.65 views

CVE-2010-0487

The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does n...

9.3CVSS7.6AI score0.43076EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.64 views

CVE-2010-1890

The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability....

4.6CVSS5.9AI score0.00484EPSS
CVE
CVE
added 2010/06/08 8:30 p.m.62 views

CVE-2010-0819

Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation...

7.2CVSS7.1AI score0.03227EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.61 views

CVE-2010-0017

Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local u...

9.3CVSS7.1AI score0.44228EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.61 views

CVE-2010-0234

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted applicatio...

4.7CVSS6AI score0.0066EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.60 views

CVE-2010-0490

Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulne...

9.3CVSS7.6AI score0.59668EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.60 views

CVE-2010-1887

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of ser...

4.4CVSS6.1AI score0.00495EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.60 views

CVE-2010-3939

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies f...

7.2CVSS6.8AI score0.01806EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.59 views

CVE-2010-0811

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote...

9.3CVSS7.6AI score0.58326EPSS
CVE
CVE
added 2010/10/13 7:0 p.m.59 views

CVE-2010-1883

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "E...

9.3CVSS7.7AI score0.67174EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.58 views

CVE-2010-0494

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another...

4.3CVSS5.4AI score0.46282EPSS
CVE
CVE
added 2010/08/27 7:0 p.m.58 views

CVE-2010-3147

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll f...

9.3CVSS6.3AI score0.30114EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.57 views

CVE-2010-0250

Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 200...

9.3CVSS7.9AI score0.71235EPSS
CVE
CVE
added 2010/03/31 7:30 p.m.57 views

CVE-2010-0807

Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

9.3CVSS7.6AI score0.59668EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.57 views

CVE-2010-3941

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulner...

8.4CVSS6.3AI score0.03471EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.56 views

CVE-2010-3940

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer D...

7.2CVSS6.4AI score0.03833EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.56 views

CVE-2010-3943

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigg...

7.2CVSS6.4AI score0.02125EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.55 views

CVE-2010-2553

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

9.3CVSS7.3AI score0.74679EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.54 views

CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts...

6.8CVSS7.2AI score0.02418EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.54 views

CVE-2010-1896

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted appli...

8.4CVSS6.2AI score0.01055EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.53 views

CVE-2010-0812

Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerabili...

6.4CVSS6.5AI score0.39705EPSS
CVE
CVE
added 2010/10/26 10:0 p.m.53 views

CVE-2010-3227

Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 all...

9.3CVSS7.8AI score0.54804EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.52 views

CVE-2010-0484

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Devic...

6.8CVSS7AI score0.02306EPSS
CVE
CVE
added 2010/09/15 7:0 p.m.52 views

CVE-2010-2738

The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenTy...

9.3CVSS7.3AI score0.25677EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.52 views

CVE-2010-3959

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."

6.9CVSS6.4AI score0.30858EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.51 views

CVE-2010-3942

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted ...

7.2CVSS6.4AI score0.01575EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.50 views

CVE-2010-0481

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual P...

5.5CVSS6AI score0.0067EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.50 views

CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a f...

9.3CVSS7.6AI score0.44165EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.50 views

CVE-2010-1889

Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."

7.8CVSS6.1AI score0.00944EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.49 views

CVE-2010-1897

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local...

7.2CVSS6.2AI score0.01971EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.44 views

CVE-2010-0810

The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."

4.7CVSS6AI score0.0128EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.42 views

CVE-2010-2555

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors i...

6.8CVSS6.6AI score0.00765EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.38 views

CVE-2010-3957

Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free...

7.3CVSS6.4AI score0.04043EPSS