Windows Xp@* Security Vulnerabilities and Issues — Page 11 of Windows Xp@* CVE List

4.9CVSS6.4AI score0.00434EPSS

CVE-2013-1252

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel ...

7CVSS6.4AI score0.003EPSS

CVE-2013-1253

CVE-2013-1258

CVE-2013-1266

CVE-2013-1267

4.9CVSS6.4AI score0.00434EPSS

CVE-2013-1272

4.9CVSS6.4AI score0.00434EPSS

CVE-2013-1274

CVE•added 2013/08/14 11:10 a.m.•47 views

CVE-2013-3196

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileg...

7.2CVSS6.2AI score0.01283EPSS

CVE•added 2013/08/14 11:10 a.m.•47 views

CVE-2013-3197

7.2CVSS6.2AI score0.01283EPSS

CVE•added 2004/09/01 4:0 a.m.•46 views

CVE-2002-1327

Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

7.5CVSS7.7AI score0.36906EPSS

CVE•added 2007/11/01 5:0 p.m.•46 views

CVE-2002-2401

NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.

3.6CVSS7.4AI score0.00513EPSS

CVE•added 2005/10/13 10:2 a.m.•46 views

CVE-2005-1985

The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.

7.5CVSS7.6AI score0.58178EPSS

CVE•added 2006/02/01 8:0 p.m.•46 views

CVE-2005-4696

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

2.1CVSS6.8AI score0.0531EPSS

CVE•added 2006/02/14 7:6 p.m.•46 views

CVE-2006-0005

Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attri...

9.3CVSS7.4AI score0.71765EPSS

CVE•added 2006/12/13 1:28 a.m.•46 views

CVE-2006-4702

Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

6.8CVSS7.6AI score0.55346EPSS

CVE•added 2006/12/20 2:28 a.m.•46 views

CVE-2006-6659

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

5CVSS6.9AI score0.23391EPSS

CVE•added 2008/02/12 9:0 p.m.•46 views

CVE-2008-0088

Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

6.8CVSS6.3AI score0.64186EPSS

CVE•added 2009/10/14 10:30 a.m.•46 views

CVE-2009-2529

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

9.3CVSS7.2AI score0.26343EPSS

CVE•added 2009/12/09 6:30 p.m.•46 views

CVE-2009-3673

Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3CVSS7.4AI score0.57317EPSS

CVE•added 2011/02/09 1:0 a.m.•46 views

CVE-2011-0088

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.3AI score0.00584EPSS

7.2CVSS6.4AI score0.00845EPSS

CVE-2011-1226

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00845EPSS

CVE-2011-1228

7.8CVSS6.5AI score0.01027EPSS

CVE-2011-1236

7.2CVSS6.4AI score0.01624EPSS

CVE-2011-1237

CVE•added 2011/04/13 6:55 p.m.•46 views

CVE-2011-1243

The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability."

9.3CVSS7.7AI score0.45016EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1878

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2011/07/13 11:55 p.m.•46 views

CVE-2011-1879

7.2CVSS6.5AI score0.0061EPSS

CVE•added 2013/02/13 12:4 p.m.•46 views

CVE-2013-1261

CVE•added 2013/02/13 12:4 p.m.•46 views

CVE-2013-1263