Lucene search
+L
MicrosoftWindows Xp

738 matches found

cve
cve
added 2011/12/30 1:0 a.m.153 views

CVE-2011-3414

CVE-2011-3414 concerns a denial-of-service in the Microsoft .NET Framework ASP.NET HashTable mapping. The vulnerability arises from the CaseInsensitiveHashProvider.getHashCode function used by the HashTable implementation across .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, which can ...

7.8CVSS6.4AI score0.58895EPSS
cve
cve
added 2009/10/14 10:0 a.m.152 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
cve
cve
added 2010/02/10 6:0 p.m.152 views

CVE-2010-0028

CVE-2010-0028 is a remote code execution vulnerability in Microsoft Paint caused by an integer/heap overflow while decoding JPEG images. Affected software includes Windows 2000 SP4, Windows XP SP2/SP3, and Windows Server 2003 SP2 (Paint decode path). Microsoft released MS10-005 to address the fla...

9.3CVSS7.7AI score0.48452EPSS
cve
cve
added 2012/08/15 1:0 a.m.152 views

CVE-2012-1853

CVE-2012-1853 is a stack-based buffer overflow in the Remote Administration Protocol (RAP) handling of the LanmanWorkstation service on Microsoft Windows XP SP3. The vulnerability arises from the RAP response processing in the LAN Manager/Remote Administration Protocol stack, allowing a remote at...

10CVSS8.1AI score0.29027EPSS
cve
cve
added 2012/08/15 1:0 a.m.152 views

CVE-2012-2526

The CVE-2012-2526 issue affects Microsoft Windows XP SP3 (RDP) where the RDP implementation mishandles in-memory objects, allowing remote code execution via specially crafted RDP packets that trigger access to a deleted object. Connected sources confirm this is a remote code execution vulnerabili...

9.3CVSS7.6AI score0.25114EPSS
cve
cve
added 2012/07/10 9:0 p.m.151 views

CVE-2012-0175

CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...

9.3CVSS7.8AI score0.2621EPSS
cve
cve
added 2013/02/13 11:0 a.m.150 views

CVE-2013-1313

CVE-2013-1313 corresponds to an OLE Automation use-after-parse in Windows XP SP3 where memory misallocation enables remote code execution via a crafted RTF document. Connected advisories note this as a code-execution vulnerability in Windows Common Controls (OLE) with remote impact. Mitigation pe...

9.3CVSS7.9AI score0.22701EPSS
cve
cve
added 2013/12/11 12:0 a.m.149 views

CVE-2013-5056

The CVE-2013-5056 issue is a use-after-free vulnerability in the Microsoft Scripting Runtime Object Library (scrrun.dll) that allows remote code execution when a user visits a crafted website via Internet Explorer. Affected products span multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vis...

9.3CVSS7.3AI score0.20353EPSS
cve
cve
added 2009/09/08 10:0 p.m.148 views

CVE-2009-1926

CVE-2009-1926 describes a TCP/IP processing vulnerability in Microsoft Windows that can cause a denial of service by flooding a host with specially crafted TCP packets featuring a small or zero receive window. The issue occurs when connections remain in FIN-WAIT-1 or FIN-WAIT-2 and the sender doe...

7.8CVSS6.4AI score0.35042EPSS
Web
cve
cve
added 2010/02/10 6:0 p.m.148 views

CVE-2010-0020

CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...

9CVSS7.1AI score0.32032EPSS
cve
cve
added 2012/12/12 12:0 a.m.148 views

CVE-2012-4774

CVE-2012-4774 is a Windows File Handling Component vulnerability. A crafted file or subfolder name can trigger use of unallocated memory as the destination of a copy operation, enabling remote code execution on affected Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windo...

9.3CVSS7.5AI score0.20766EPSS
cve
cve
added 2013/08/14 10:0 a.m.148 views

CVE-2013-3181

CVE-2013-3181 affects the Unicode Script Processor (USP10.DLL) used by Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability enables remote code execution via crafted OpenType fonts, described as the Uniscribe Font Parsing Engine Memory Corruption. Microsoft issued MS13-060 with patch...

9.3CVSS7.5AI score0.20444EPSS
cve
cve
added 2019/12/10 9:41 p.m.148 views

CVE-2019-1489

CVE-2019-1489 is an information disclosure vulnerability in Windows Remote Desktop Protocol (RDP). Public sources describe memory handling faults that can allow an attacker to obtain sensitive information by remote connection and running a crafted application. The advisory/tracking entries note a...

7.5CVSS7.4AI score0.07736EPSS
cve
cve
added 2009/01/14 10:0 p.m.147 views

CVE-2008-4834

CVE-2008-4834 corresponds to a buffer overflow in the Server service of Microsoft Windows SMB handling. Affected products include Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP1/SP2. The root cause is improper validation of SMB NT Trans request data, allowing remote attackers to craft m...

10CVSS8.4AI score0.45756EPSS
cve
cve
added 2009/08/12 5:0 p.m.146 views

CVE-2009-1930

The CVE-2009-1930 entry describes a Telnet Credential Reflection vulnerability in Windows Telnet service. A remote attacker could trigger arbitrary code execution by replaying NTLM credentials from a client to the Telnet server. Affected products include Windows 2000 (SP4), XP (SP2/SP3), Server 2...

10CVSS7.5AI score0.41388EPSS
cve
cve
added 2012/01/10 9:0 p.m.146 views

CVE-2012-0009

CVE-2012-0009 affects Windows Object Packager handling in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability stems from how Object Packager registers/implements packages stored on network shares, WebDAV, and UNC paths, allowing local privilege escalation via a Trojan horse executab...

9.3CVSS6.3AI score0.20561EPSS
cve
cve
added 2007/06/27 5:0 p.m.142 views

CVE-2006-7210

The CVE-2006-7210 entry relates to Microsoft Windows 2000, XP, and Server 2003 where remote attackers can trigger a DoS (CPU consumption) by viewing a crafted PNG image that abuses the IHDR block (specifics: crafted Width and Height values). The vulnerability affects the PNG image handling path i...

5CVSS6.8AI score0.28358EPSS
cve
cve
added 2009/01/14 10:0 p.m.142 views

CVE-2008-4835

CVE-2008-4835 affects Microsoft Windows SMB Server service across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1/Gold, and Server 2008. The root cause is insufficient validation of buffer size for malformed values inside NT Trans2 SMB requests, enabling remote code execution. The vu...

10CVSS8.2AI score0.44925EPSS
cve
cve
added 2008/09/10 3:0 p.m.141 views

CVE-2007-5348

The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...

9.3CVSS8AI score0.52886EPSS
cve
cve
added 2010/08/11 6:0 p.m.141 views

CVE-2010-2550

CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...

10CVSS9.3AI score0.7572EPSS
cve
cve
added 2010/12/16 7:0 p.m.140 views

CVE-2010-3956

CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....

9.3CVSS6.3AI score0.08274EPSS
cve
cve
added 2011/12/30 7:0 p.m.140 views

CVE-2011-5046

CVE-2011-5046 affects the Windows kernel component win32k.sys (GDI) across multiple OS versions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue arises from improper validation of user-mode input in GDI, enabling remote attackers to execute arbitrary code ...

9.3CVSS7.7AI score0.45457EPSS
cve
cve
added 2013/01/09 6:0 p.m.139 views

CVE-2013-0006

CVE-2013-0006 is associated with OSIsoft PI Interface for OPC XML-DA (ICS advisory ICSA-20-315-01) and Microsoft MSXML/MS13-002 context. Connected documents identify the affected product as PI Interface for OPC XML-DA versions prior to 1.7.3.x, where the vulnerability stems from numeric errors/st...

9.3CVSS7.5AI score0.28084EPSS
cve
cve
added 2005/05/31 4:0 a.m.138 views

CVE-2005-0356

CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...

5CVSS6.2AI score0.83284EPSS
cve
cve
added 2006/01/10 10:0 p.m.138 views

CVE-2006-0010

CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...

9.3CVSS7.7AI score0.32189EPSS
cve
cve
added 2011/11/04 9:0 p.m.138 views

CVE-2011-3402

CVE-2011-3402 is a Windows kernel‑mode vulnerability in the TrueType font parsing engine of win32k.sys that allows remote code execution via crafted font data in Word/web content. The issue affects multiple Windows versions (XP/Server 2003, Vista/Server 2008, Windows 7 and Windows 7/Server 2008 R...

9.3CVSS7.4AI score0.78285EPSS
In wild
cve
cve
added 2012/11/14 12:0 a.m.138 views

CVE-2012-1528

CVE-2012-1528 is a Windows Shell vulnerability originating from an integer overflow in the Briefcase feature. The flaw affects multiple Windows client/server platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP, Windows 7 SP1, Windows 8, Server 2012) and can let local users gain p...

9.3CVSS6.6AI score0.18163EPSS
cve
cve
added 2010/08/27 6:10 p.m.135 views

CVE-2010-3138

The CVE-2010-3138 issue affects Microsoft Windows XP SP3 with the Indeo Codec (iac25_32.ax) loading an insecure library (iacenc.dll) from the current working directory, enabling local privilege escalation via crafted .avi/.mka/.ra/.ram files (e.g., through players like BS.Player or Media Player C...

9.3CVSS6.5AI score0.26693EPSS
cve
cve
added 2005/04/13 4:0 a.m.132 views

CVE-2004-0790

CVE-2004-0790 describes a denial-of-service condition caused by spoofed ICMP error messages that disrupt TCP connections. In published connected materials, the vulnerability is tied to BIG-IP products, notably FastL4 accelerated virtual servers on ePVA-equipped platforms (e.g., VIPRION blades and...

5CVSS7.5AI score0.80675EPSS
cve
cve
added 2009/10/14 10:0 a.m.132 views

CVE-2009-0090

CVE-2009-0090 corresponds to a high-severity remote code execution vulnerability in Microsoft .NET Framework. The issue arises because .NET Framework versions 1.0 SP3, 1.1 SP1 and 2.0 SP1 do not properly validate verifiable code, enabling a remote attacker to execute arbitrary code and read stack...

9.3CVSS9.4AI score0.20982EPSS
cve
cve
added 2009/10/14 10:0 a.m.132 views

CVE-2009-2507

CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...

9.3CVSS7.1AI score0.19291EPSS
cve
cve
added 2006/12/05 11:0 a.m.129 views

CVE-2006-6296

The CVE-2006-6296 issue affects the Windows Print Spooler (SPOOLSS) via the RpcGetPrinterData function in spoolsv.exe. A remote attacker can trigger a denial of service by sending a crafted RPC request with a large output buffer size, causing memory consumption on affected systems. Affected produ...

6.1CVSS6.6AI score0.23566EPSS
cve
cve
added 2009/10/14 10:0 a.m.129 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
cve
cve
added 2010/02/10 6:0 p.m.125 views

CVE-2010-0022

CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...

7.8CVSS6.3AI score0.79499EPSS
cve
cve
added 2009/08/12 5:0 p.m.124 views

CVE-2009-1133

CVE-2009-1133 corresponds to a heap-based buffer overflow in Microsoft Remote Desktop Connection (mstsc/ mstscax.dll) affecting RDP clients (RDP 5.0–6.1 on Windows and Mac 2.0). The underlying flaw occurs during parsing of data from the RDP server, allowing a remote attacker to execute arbitrary ...

9.3CVSS8.2AI score0.30496EPSS
cve
cve
added 2011/06/16 8:21 p.m.124 views

CVE-2011-1249

CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...

7.2CVSS6.3AI score0.08488EPSS
Web
cve
cve
added 2003/11/18 5:0 a.m.123 views

CVE-2003-0822

Affected software : Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002. Vulnerability : a buffer overflow in the debug functionality of fp30reg.dll (MS03-051) that can be triggered via a crafted chunked-encoded request, allowing remote code execution. Impact : remote attacker could execut...

7.5CVSS7.4AI score0.83075EPSS
cve
cve
added 2003/09/04 4:0 a.m.122 views

CVE-2003-0661

The CVE-2003-0661 entry concerns the NetBIOS NBNS information disclosure vulnerability in Windows NT 4.0, 2000, XP, and Server 2003. The NBNS response may leak random memory contents from the target, potentially revealing sensitive data to remote attackers. Public details across connected documen...

5CVSS6.3AI score0.25103EPSS
cve
cve
added 2010/02/10 6:0 p.m.122 views

CVE-2010-0021

CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...

7.1CVSS6.4AI score0.14385EPSS
cve
cve
added 2012/06/12 10:0 p.m.122 views

CVE-2012-0173

Technical details for CVE-2012-0173 are not provided in the connected documents. The materials reference CVE-2012-0002 and MS12-020 but do not disclose specifics for CVE-2012-0173. Monitor for updates.

9.3CVSS9.4AI score0.20933EPSS
cve
cve
added 2003/09/12 4:0 a.m.121 views

CVE-2003-0528

Technical details for CVE-2003-0528 are not publicly provided in the supplied documents. Monitor for updates from official advisories; related CVEs (e.g., CVE-2003-0352) are discussed but do not specify 0528 specifics.

10CVSS7.8AI score0.37799EPSS
cve
cve
added 2013/07/10 1:0 a.m.121 views

CVE-2013-3174

CVE-2013-3174 corresponds to a remote code execution in Microsoft DirectShow via specially crafted GIF files. Affected: DirectShow in Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012. Root cause: faulty GIF image parsing leads to arbitr...

9.3CVSS7.4AI score0.31979EPSS
cve
cve
added 2004/10/16 4:0 a.m.120 views

CVE-2004-0575

CVE-2004-0575 is a Microsoft Windows vulnerability: an integer overflow in DUNZIP32.DLL (InnerMedia) that affects Windows XP/XP x64 and Windows Server 2003/64, caused by an unchecked buffer and improper length validation when handling ZIP-compressed folders. This allows remote code execution if a...

10CVSS7.7AI score0.603EPSS
cve
cve
added 2012/05/09 12:0 a.m.120 views

CVE-2012-0181

CVE-2012-0181 affects Win32k.sys in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 CP). The vulnerability is a memory-corruption/logic issue in the kernel-mode ReadLayoutFile path that handles keyboard layout files, allowing loc...

7.2CVSS6.2AI score0.03401EPSS
cve
cve
added 2009/04/15 3:49 a.m.119 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11843EPSS
cve
cve
added 2009/10/14 10:0 a.m.119 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
cve
cve
added 2008/09/10 3:0 p.m.118 views

CVE-2008-3013

CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...

9.3CVSS7.7AI score0.52065EPSS
cve
cve
added 2004/04/16 4:0 a.m.117 views

CVE-2004-0120

CVE-2004-0120 is a denial-of-service vulnerability in the Microsoft SSL library used by Windows 2000, Windows XP, and Windows Server 2003. A specially crafted malformed SSL message could cause the system to stop accepting SSL connections (Windows 2000/XP) or, on Windows Server 2003, to automatica...

5CVSS7.2AI score0.55583EPSS
cve
cve
added 2012/05/09 12:0 a.m.117 views

CVE-2012-0180

CVE-2012-0180 affects win32k.sys in multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8 CP). The issue is improper handling of user-mode input in kernel-mode for windows and messages, enabling local privilege escalation via a crafted app...

7.8CVSS6.2AI score0.01263EPSS
cve
cve
added 2004/02/11 5:0 a.m.116 views

CVE-2003-0818

CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...

7.5CVSS7.4AI score0.84008EPSS
Total number of security vulnerabilities738