Windows Vista Security Vulnerabilities and Issues — Windows Vista CVE List

Lucene search

MicrosoftWindows Vista

7 matches found

CVE•added 2009/09/08 10:30 p.m.•643 views

CVE-2009-3103

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Proc...

10CVSS9.4AI score0.92944EPSS

CVE•added 2009/09/08 10:30 p.m.•124 views

CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the...

7.8CVSS6.4AI score0.70368EPSS

CVE•added 2009/09/08 10:30 p.m.•101 views

CVE-2009-1925

The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecif...

10CVSS7.9AI score0.41899EPSS

CVE•added 2009/09/08 10:30 p.m.•79 views

CVE-2009-2499

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Co...

8.5CVSS7.5AI score0.39788EPSS

CVE•added 2009/09/08 10:30 p.m.•73 views

CVE-2009-2498

Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Me...

9.3CVSS7.4AI score0.3851EPSS

CVE•added 2009/09/08 10:30 p.m.•61 views

CVE-2009-1920

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption,...

9.3CVSS7.5AI score0.40088EPSS

CVE•added 2009/09/08 10:30 p.m.•45 views

CVE-2009-1132

Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerabilit...

9.3CVSS8.5AI score0.45545EPSS