Windows Xp Security Vulnerabilities and Issues — Page 2 of Windows Xp CVE List

Lucene search

MicrosoftWindows Xp

101 matches found

CVE•added 2011/04/13 6:55 p.m.•52 views

CVE-2011-0041

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

9.3CVSS7.6AI score0.7426EPSS

CVE•added 2011/04/13 8:26 p.m.•52 views

CVE-2011-1240

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/12/14 12:55 a.m.•52 views

CVE-2011-2018

The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerab...

7.2CVSS6.2AI score0.00623EPSS

CVE•added 2011/06/16 8:55 p.m.•51 views

CVE-2011-0658

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a ...

9.3CVSS7.5AI score0.31103EPSS

CVE•added 2011/04/13 6:55 p.m.•51 views

CVE-2011-0670

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0671

8.4CVSS6.5AI score0.01054EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0672

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-1227

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/07/13 11:55 p.m.•51 views

CVE-2011-1875

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•50 views

CVE-2011-0087

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validati...

7.2CVSS6.3AI score0.00751EPSS

CVE•added 2011/07/13 11:55 p.m.•50 views

CVE-2011-1881

8.4CVSS6.4AI score0.00759EPSS

CVE•added 2011/07/13 11:55 p.m.•50 views

CVE-2011-1882

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/01/07 12:0 p.m.•49 views

CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) mess...

7.8CVSS7.2AI score0.07851EPSS

CVE•added 2011/02/10 4:0 p.m.•49 views

CVE-2011-0033

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitra...

9.3CVSS7.6AI score0.2718EPSS

CVE•added 2011/02/09 1:0 a.m.•49 views

CVE-2011-0045

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to Wm...

7.2CVSS6.3AI score0.01785EPSS

CVE•added 2011/02/09 1:0 a.m.•49 views

CVE-2011-0089

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.00859EPSS

CVE•added 2011/04/13 6:55 p.m.•49 views

CVE-2011-0667

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•49 views

CVE-2011-1225

7.2CVSS6.4AI score0.00827EPSS

CVE•added 2011/07/13 11:55 p.m.•49 views

CVE-2011-1283

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and w...

7.2CVSS6.5AI score0.00773EPSS

CVE•added 2011/06/16 8:55 p.m.•49 views

CVE-2011-1868

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."

10CVSS7.5AI score0.34714EPSS

CVE•added 2011/07/13 11:55 p.m.•49 views

CVE-2011-1886

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation ...

2.1CVSS5.9AI score0.00399EPSS

CVE•added 2011/02/09 1:0 a.m.•48 views

CVE-2011-0030

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout...

4.7CVSS6.1AI score0.01728EPSS

CVE•added 2011/04/13 6:55 p.m.•48 views

CVE-2011-0660

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Respon...

9.3CVSS7.5AI score0.4891EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1234

7.2CVSS6.4AI score0.00639EPSS

CVE•added 2011/04/13 8:26 p.m.•48 views

CVE-2011-1239

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•48 views

CVE-2011-1883

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•47 views

CVE-2011-0086

7.2CVSS6.4AI score0.01164EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1235

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•47 views

CVE-2011-1241

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/08/10 9:55 p.m.•47 views

CVE-2011-1968

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) wa...

7.1CVSS6.6AI score0.74889EPSS

CVE•added 2011/02/09 1:0 a.m.•46 views

CVE-2011-0088

7.2CVSS6.3AI score0.00584EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1226

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1228

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1236

7.8CVSS6.5AI score0.01027EPSS

CVE•added 2011/04/13 8:26 p.m.•46 views

CVE-2011-1237

7.2CVSS6.4AI score0.01624EPSS

CVE•added 2011/04/13 6:55 p.m.•46 views

CVE-2011-1243

The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."

9.3CVSS7.7AI score0.45016EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1878

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1879

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/04/13 8:26 p.m.•45 views

CVE-2011-0675

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•45 views

CVE-2011-1884

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•44 views

CVE-2011-0039

The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."

7.2CVSS6.6AI score0.0128EPSS

CVE•added 2011/04/13 6:55 p.m.•44 views

CVE-2011-0665

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•44 views

CVE-2011-0673

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."

7.2CVSS6.4AI score0.00449EPSS

CVE•added 2011/04/13 8:26 p.m.•44 views

CVE-2011-1233

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/06/16 8:55 p.m.•44 views

CVE-2011-1873

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, wh...

9.3CVSS7.6AI score0.33768EPSS

CVE•added 2011/02/10 4:0 p.m.•43 views

CVE-2011-0043

Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."

7.2CVSS6.4AI score0.00651EPSS

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-0674

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•43 views

CVE-2011-1232

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/12/14 12:55 a.m.•43 views

CVE-2011-3401

ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.51783EPSS

CVE•added 2011/04/13 6:55 p.m.•42 views

CVE-2011-0666

7.2CVSS6.5AI score0.00623EPSS

Total number of security vulnerabilities101