738 matches found
CVE-2011-3414
CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...
CVE-2009-3126
CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...
CVE-2010-0028
CVE-2010-0028 is a remote code execution vulnerability in Microsoft Paint caused by an integer/heap overflow while decoding JPEG images. Affected software includes Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 (Paint decode path). Microsoft released MS10-005 to address the fla...
CVE-2012-1853
CVE-2012-1853 is a stack-based buffer overflow in the Remote Administration Protocol (RAP) handling of the LanmanWorkstation service on Microsoft Windows XP SP3. The vulnerability arises from the RAP response processing in the LAN Manager/Remote Administration Protocol stack, allowing a remote at...
CVE-2012-2526
The CVE-2012-2526 issue affects Microsoft Windows XP SP3 (RDP) where the RDP implementation mishandles in-memory objects, allowing remote code execution via specially crafted RDP packets that trigger access to a deleted object. Connected sources confirm this is a remote code execution vulnerabili...
CVE-2012-0175
CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...
CVE-2013-1313
CVE-2013-1313 corresponds to an OLE Automation use-after-parse in Windows XP SP3 where memory misallocation enables remote code execution via a crafted RTF document. Connected advisories note this as a code-execution vulnerability in Windows Common Controls (OLE) with remote impact. Mitigation pe...
CVE-2013-5056
The CVE-2013-5056 issue is a use-after-free vulnerability in the Microsoft Scripting Runtime Object Library (scrrun.dll) that allows remote code execution when a user visits a crafted website via Internet Explorer. Affected products span multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vis...
CVE-2009-1926
CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...
CVE-2010-0020
CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...
CVE-2012-4774
CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...
CVE-2013-3181
CVE-2013-3181 affects the Unicode Script Processor (USP10.DLL) used by Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability enables remote code execution via crafted OpenType fonts, described as the Uniscribe Font Parsing Engine Memory Corruption. Microsoft issued MS13-060 with patch...
CVE-2019-1489
CVE-2019-1489 is an information disclosure vulnerability in Windows Remote Desktop Protocol (RDP). Public sources describe memory handling faults that can allow an attacker to obtain sensitive information by remote connection and running a crafted application. The advisory/tracking entries note a...
CVE-2008-4834
CVE-2008-4834 corresponds to a buffer overflow in the Server service of Microsoft Windows SMB handling. Affected products include Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP1/SP2. The root cause is improper validation of SMB NT Trans request data, allowing remote attackers to craft m...
CVE-2009-1930
The CVE-2009-1930 entry describes a Telnet Credential Reflection vulnerability in Windows Telnet service. A remote attacker could trigger arbitrary code execution by replaying NTLM credentials from a client to the Telnet server. Affected products include Windows 2000 (SP4), XP (SP2/SP3), Server 2...
CVE-2012-0009
CVE-2012-0009 affects Windows Object Packager handling in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability stems from how Object Packager registers/implements packages stored on network shares, WebDAV, and UNC paths, allowing local privilege escalation via a Trojan horse executab...
CVE-2006-7210
The CVE-2006-7210 entry relates to Microsoft Windows 2000, XP, and Server 2003 where remote attackers can trigger a DoS (CPU consumption) by viewing a crafted PNG image that abuses the IHDR block (specifics: crafted Width and Height values). The vulnerability affects the PNG image handling path i...
CVE-2008-4835
CVE-2008-4835 affects Microsoft Windows SMB Server service across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1/Gold, and Server 2008. The root cause is insufficient validation of buffer size for malformed values inside NT Trans2 SMB requests, enabling remote code execution. The vu...
CVE-2007-5348
The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...
CVE-2010-2550
CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...
CVE-2010-3956
CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....
CVE-2011-5046
CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...
CVE-2013-0006
CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...
CVE-2005-0356
CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...
CVE-2006-0010
CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...
CVE-2011-3402
CVE-2011-3402 is a Windows kernel‑mode vulnerability in the TrueType font parsing engine of win32k.sys that allows remote code execution via crafted font data in Word/web content. The issue affects multiple Windows versions (XP/Server 2003, Vista/Server 2008, Windows 7 and Windows 7/Server 2008 R...
CVE-2012-1528
CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...
CVE-2010-3138
The CVE-2010-3138 issue affects Microsoft Windows XP SP3 with the Indeo Codec (iac25_32.ax) loading an insecure library (iacenc.dll) from the current working directory, enabling local privilege escalation via crafted .avi/.mka/.ra/.ram files (e.g., through players like BS.Player or Media Player C...
CVE-2004-0790
CVE-2004-0790 describes a denial-of-service condition caused by spoofed ICMP error messages that disrupt TCP connections. In published connected materials, the vulnerability is tied to BIG-IP products, notably FastL4 accelerated virtual servers on ePVA-equipped platforms (e.g., VIPRION blades and...
CVE-2009-0090
CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...
CVE-2009-2507
CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...
CVE-2006-6296
The CVE-2006-6296 issue affects the Windows Print Spooler (SPOOLSS) via the RpcGetPrinterData function in spoolsv.exe. A remote attacker can trigger a denial of service by sending a crafted RPC request with a large output buffer size, causing memory consumption on affected systems. Affected produ...
CVE-2009-2501
CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...
CVE-2010-0022
CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...
CVE-2009-1133
CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...
CVE-2011-1249
CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...
CVE-2003-0822
Affected software : Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002. Vulnerability : a buffer overflow in the debug functionality of fp30reg.dll (MS03-051) that can be triggered via a crafted chunked-encoded request, allowing remote code execution. Impact : remote attacker could execut...
CVE-2003-0661
The CVE-2003-0661 entry concerns the NetBIOS NBNS information disclosure vulnerability in Windows NT 4.0, 2000, XP, and Server 2003. The NBNS response may leak random memory contents from the target, potentially revealing sensitive data to remote attackers. Public details across connected documen...
CVE-2010-0021
CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...
CVE-2012-0173
Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.
CVE-2003-0528
Technical details for CVE-2003-0528 are not publicly provided in the supplied documents. Monitor for updates from official advisories; related CVEs (e.g., CVE-2003-0352) are discussed but do not specify 0528 specifics.
CVE-2013-3174
CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...
CVE-2004-0575
CVE-2004-0575 is a Microsoft Windows vulnerability: an integer overflow in DUNZIP32.DLL (InnerMedia) that affects Windows XP/XP x64 and Windows Server 2003/64, caused by an unchecked buffer and improper length validation when handling ZIP-compressed folders. This allows remote code execution if a...
CVE-2012-0181
CVE-2012-0181 affects Win32k.sys in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 CP). The vulnerability is a memory-corruption/logic issue in the kernel-mode ReadLayoutFile path that handles keyboard layout files, allowing loc...
CVE-2009-0550
CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...
CVE-2009-2502
CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...
CVE-2008-3013
CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...
CVE-2004-0120
CVE-2004-0120 is a denial-of-service vulnerability in the Microsoft SSL library used by Windows 2000, Windows XP, and Windows Server 2003. A specially crafted malformed SSL message could cause the system to stop accepting SSL connections (Windows 2000/XP) or, on Windows Server 2003, to automatica...
CVE-2012-0180
CVE-2012-0180 affects win32k.sys in multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8 CP). The issue is improper handling of user-mode input in kernel-mode for windows and messages, enabling local privilege escalation via a crafted app...
CVE-2003-0818
CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...