Lucene search
K

663 matches found

CVE
CVE
added 2007/10/09 10:0 p.m.88 views

CVE-2007-2228

The CVE-2007-2228 entry describes a denial-of-service flaw in the RPC runtime library rpcrt4.dll on Windows platforms (XP SP2, XP x64, Server 2003 SP1/SP2, Server 2003 x64, Vista and Vista x64). The vulnerability occurs when parsing RPC authentication messages with NTLMSSP and PACKET level, where...

7.8CVSS6.4AI score0.43303EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.88 views

CVE-2009-0089

CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...

5.8CVSS6.5AI score0.05071EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.88 views

CVE-2010-0485

The CVE-2010-0485 issue affects Windows kernel-mode drivers in win32k.sys across multiple OS versions (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, Windows 7, Server 2008 R2). The vulnerability stems from improper validation of callback parameters when creat...

7.8CVSS6.7AI score0.01228EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.88 views

CVE-2010-2744

The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...

7.2CVSS6.1AI score0.04275EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.87 views

CVE-2009-0087

CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...

9.3CVSS7.5AI score0.25892EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.87 views

CVE-2009-0555

CVE-2009-0555 is a Windows Media Runtime issue affecting the ASF handling in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and ACM. The flaw allows remote code execution via a crafted ASF audio file that uses the Windows Media Speech codec, as described in multiple sources (MS09-...

9.3CVSS7.2AI score0.27086EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.87 views

CVE-2010-3147

CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...

9.3CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2011/03/09 10:0 p.m.87 views

CVE-2011-0029

The CVE-2011-0029 issue affects the Microsoft Remote Desktop Connection client (versions 5.2, 6.0, 6.1, 7.0). It is a local privilege-escalation vulnerability caused by an untrusted search path: a Trojan DLL loaded from the current working directory when a directory contains a .rdp file. Impact i...

9.3CVSS6.3AI score0.0716EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.86 views

CVE-2001-0877

CVE-2001-0877 describes an unchecked buffer in Windows UPnP NOTIFY handling that can allow remote attackers to cause denial of service or execute code with SYSTEM privileges on Windows XP (and related UPnP-enabled Windows 98/ME). Exploitation via specially malformed NOTIFY messages (SSDP) can tri...

5CVSS6.5AI score0.43764EPSS
CVE
CVE
added 2003/07/10 4:0 a.m.86 views

CVE-2003-0345

The CVE-2003-0345 issue affects Microsoft Windows SMB/CIFS implementations (Windows XP, 2000, NT). The root cause is a buffer overflow in the SMB packet handling where an incoming packet specifies a smaller buffer length than required, enabling a remote attacker to cause a denial of service and, ...

7.5CVSS8.1AI score0.34496EPSS
CVE
CVE
added 2004/07/14 4:0 a.m.86 views

CVE-2004-0201

The CVE-2004-0201 entry documents a heap-based buffer overflow in the HTML Help viewer hh.exe used by HTML Help (.chm) on Windows platforms (Windows 98, Me, NT 4.0, 2000, XP, and Server 2003). The vulnerability allows remote code execution via a .CHM file with a large length field, enabling an at...

10CVSS7.8AI score0.45137EPSS
CVE
CVE
added 2005/02/14 5:0 a.m.86 views

CVE-2005-0416

CVE-2005-0416 describes a stack-based buffer overflow in the Windows Animated Cursor (ANI) handling. The vulnerability affects Windows NT, Windows 2000 (SP4), Windows XP (SP1), and Windows 2003, where a crafted AnimationHeaderBlock length field can lead to remote code execution or memory corrupti...

7.5CVSS7.6AI score0.45486EPSS
CVE
CVE
added 2011/01/31 7:0 p.m.86 views

CVE-2011-0096

The CVE describes a vulnerability in the MHTML protocol handler where improper processing of MIME-formatted requests for content blocks can allow a remote attacker to trigger client-side effects in Internet Explorer. Connected advisories (MS11-026 and related OpenVAS/Nessus listings) frame this a...

6.1CVSS5.5AI score0.46819EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.86 views

CVE-2013-1277

AFFECTED: Microsoft Windows family (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7 Gold/SP1) – vulnerability in the kernel-mode driver win32k.sys. WHAT: A race condition in win32k.sys that allows local users to gain privileges and read arbitrary kernel memory when a ...

4.9CVSS6.4AI score0.01516EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.85 views

CVE-2005-0045

CVE-2005-0045 is a remote code execution vulnerability in the SMB client/server implementation on Windows NT 4.0, 2000, XP and Server 2003. The issue stems from improper validation of SMB packets, enabling an attacker to execute arbitrary code by crafting SMB Transaction responses (notably Trans ...

7.5CVSS7.6AI score0.73094EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.85 views

CVE-2010-0492

Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...

9.3CVSS7.5AI score0.27523EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.85 views

CVE-2011-0034

The CVE-2011-0034 issue is a stack overflow in the OpenType Compact Font Format (CFF) driver (ATMFD.dll) in Microsoft Windows. It can be triggered by crafted OpenType fonts and allows remote attackers to execute arbitrary code on affected systems. Affected Windows versions include Windows XP SP2/...

9.3CVSS8AI score0.27925EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.84 views

CVE-2005-0059

The CVE-2005-0059 issue is a buffer overflow in the Microsoft Message Queuing (MSMQ) service’s processing of messages. The vulnerability affects MSMQ on Windows 2000 and Windows XP SP1 (per the CVE/NVD entries) and is exploitable via the MSMQ RPC/queue handling interface, enabling remote code exe...

10CVSS7.4AI score0.76803EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.84 views

CVE-2011-1282

CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...

8.4CVSS6.6AI score0.01553EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.84 views

CVE-2013-1300

CVE-2013-1300 maps to a Win32k memory handling vulnerability in win32k.sys affecting multiple Windows XP/Vista/7/8/2003/Server variants. The issue is a local privilege escalation via a crafted application that abuses kernel memory object handling, enabling an attacker to gain SYSTEM-level privile...

7.2CVSS6.2AI score0.1218EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.83 views

CVE-2003-0003

CVE-2003-0003 describes a locally/remotely exploitable buffer overflow in the Microsoft Locator service (RPC Locator) that allows arbitrary code execution when processing overly large RPC requests. Affected products include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and...

7.5CVSS7.5AI score0.4545EPSS
CVE
CVE
added 2008/01/08 8:0 p.m.83 views

CVE-2007-0069

CVE-2007-0069 describes a remote code execution and denial-of-service risk in the Windows kernel’s TCP/IP stack due to improper handling of IGMPv3 and MLDv2 state. Affected are Windows XP SP2, Server 2003, and Vista; exploitation requires specially crafted IGMPv3/MLDv2 packets that can trigger me...

9.3CVSS7.3AI score0.49205EPSS
Web
CVE
CVE
added 2009/06/10 5:37 p.m.83 views

CVE-2009-0568

The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...

10CVSS6.6AI score0.32387EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.83 views

CVE-2009-2511

CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...

7.5CVSS6.5AI score0.12959EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.83 views

CVE-2010-0027

CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...

9.3CVSS8.3AI score0.33985EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.83 views

CVE-2010-0487

CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...

9.3CVSS7.6AI score0.24216EPSS
CVE
CVE
added 2010/06/14 6:0 p.m.83 views

CVE-2010-2265

CVE-2010-2265 is an XSS in the GetServerName function of sysinfo/commonFunc.js within Windows Help and Support Center on Windows XP and Windows Server 2003, exploitable via svr in sysinfo/sysinfomain.htm. It is paired with CVE-2010-1885, which covers HCP URL handling and can enable command execut...

4.3CVSS6.1AI score0.2099EPSS
Web
CVE
CVE
added 2010/10/13 6:0 p.m.83 views

CVE-2010-2746

CVE-2010-2746 describes a heap-based buffer overflow in the Windows common controls library, Comctl32.dll, triggered when processing messages from a third-party SVG viewer. A remote code execution risk exists on affected Windows releases (XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008, and W...

7.6CVSS7.8AI score0.36238EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.83 views

CVE-2011-1967

CVE-2011-1967 affects the Windows Client/Server Run-time Subsystem (CSRSS) via the Winsrv.dll component. The root cause is improper permission checks when a lower‑integrity process sends inter‑process device‑event messages to a higher‑integrity CSRSS, enabling local privilege escalation. Affected...

7.2CVSS6.4AI score0.01707EPSS
CVE
CVE
added 2002/10/01 4:0 a.m.82 views

CVE-2002-0863

The CVE-2002-0863 issue concerns Microsoft RDP (Remote Desktop Protocol) 5.0 on Windows 2000 and 5.1 on Windows XP, where checksums of plaintext session data are not encrypted. This could allow a remote attacker to sniff encrypted sessions and potentially recover plaintext contents (information d...

5CVSS6.5AI score0.24001EPSS
CVE
CVE
added 2007/11/20 12:0 a.m.82 views

CVE-2007-6026

CVE-2007-6026 covers a stack-based buffer overflow in the Microsoft Jet Database Engine (msjet40.dll, 4.0.8618.0) used by Access 2003 in Office 2003 SP3. The vulnerability arises when parsing MDB files with a crafted column structure, allowing a user-assisted attacker to execute arbitrary code. T...

9.3CVSS7.3AI score0.28268EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.82 views

CVE-2009-0078

CVE-2009-0078 pertains to the Windows WMI Service Isolation Vulnerability in Windows XP SP2/SP3, Server 2003 SP1/SP2, Vista, and Server 2008. The local privilege escalation arises from failure to properly isolate multiple processes running under NetworkService/LocalService accounts, enabling a lo...

7.2CVSS6.4AI score0.02744EPSS
CVE
CVE
added 2009/03/10 8:0 p.m.82 views

CVE-2009-0085

CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...

7.1CVSS6.6AI score0.15193EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.82 views

CVE-2010-0267

CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...

9.3CVSS7.6AI score0.34408EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.82 views

CVE-2010-1734

The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...

4.9CVSS6.3AI score0.02658EPSS
CVE
CVE
added 2012/10/09 9:0 p.m.82 views

CVE-2012-2529

CVE-2012-2529 describes a kernel integer-overflow vulnerability in Microsoft Windows that enables local privilege escalation. The issue affects the Windows kernel on multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause is improper ha...

7.2CVSS6.6AI score0.01816EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.82 views

CVE-2013-3864

Technical details for CVE-2013-3864 are not publicly available in the provided connected documents. Monitor for updates from official advisories; the supplied references include NVD entries for related CVEs but no new specifics about this CVE.

7.2CVSS6.2AI score0.01654EPSS
CVE
CVE
added 2014/07/26 3:0 p.m.82 views

CVE-2014-4971

CVE-2014-4971 affects Microsoft Windows XP SP3 and relates to two drivers: MQAC.sys in the MQ Access Control subsystem and BthPan.sys in Bluetooth PAN. The vulnerability arises because certain IRP/IOCTL handling does not validate addresses, enabling local attackers to write to arbitrary memory lo...

7.2CVSS6.2AI score0.23046EPSS
CVE
CVE
added 2006/08/09 1:0 a.m.81 views

CVE-2006-3441

CVE-2006-3441 is a buffer overflow in the DNS Client service of Microsoft Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 that could allow remote code execution with SYSTEM privileges. The issue arises from unchecked buffers in the DNS client handling crafted DNS responses, and MS06-041 and rel...

10CVSS7.8AI score0.65532EPSS
CVE
CVE
added 2007/04/04 4:0 p.m.81 views

CVE-2007-1215

CVE-2007-1215 is a Local Elevation of Privilege vulnerability in the Graphics Device Interface (GDI) of Windows. The issue arises when rendering certain images with color-related parameters, causing an unchecked buffer/length handling in GDI. A logged-on attacker could potentially gain full contr...

7.2CVSS6.5AI score0.02721EPSS
CVE
CVE
added 2009/12/09 6:0 p.m.81 views

CVE-2009-3671

CVE-2009-3671 concerns Microsoft Internet Explorer 8. The issue is a memory handling vulnerability where an object that is either not properly initialized or has been deleted is accessed, causing memory corruption and enabling remote code execution. The vulnerability is described as Uninitialized...

9.3CVSS7.2AI score0.21038EPSS
CVE
CVE
added 2010/01/13 7:0 p.m.81 views

CVE-2010-0018

CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...

9.3CVSS7.7AI score0.26523EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.81 views

CVE-2010-0234

The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...

4.7CVSS6AI score0.01932EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.81 views

CVE-2010-0250

CVE-2010-0250 is a DirectShow/Quartz heap overflow vulnerability in Microsoft DirectX where the AVI/QUartz AVI parser misallocates a buffer when processing a crafted AVI file’s length field, enabling remote code execution. Affected components include DirectShow (AVI Filter) and Quartz, with impac...

9.3CVSS7.9AI score0.31862EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.81 views

CVE-2010-1887

CVE-2010-1887 affects the Windows kernel‑mode driver win32k.sys and is triggered by improper validation of a system call argument, causing a denial of service (system hang) on XP SP2/3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7. Connected documents also describe rel...

4.4CVSS6.1AI score0.0196EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.81 views

CVE-2010-2553

The CVE-2010-2553 issue affects the Cinepak codec (iccvid.dll) used by Windows XP SP2/SP3, Vista SP1/SP2, and Windows 7. A flaw in how the Cinepak codec decompresses certain media files allows remote attackers to execute arbitrary code by convincing a user to open a crafted file. Microsoft releas...

9.3CVSS7.3AI score0.30895EPSS
Web
CVE
CVE
added 2010/12/16 7:0 p.m.81 views

CVE-2010-3941

Summary (CVE-2010-3941) : A local privilege-escalation in Windows is caused by a double-free in the kernel-mode driver win32k.sys. Affects multiple Windows editions: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, and Windows 7. The flaw enables local users to gain full privileg...

8.4CVSS6.3AI score0.0136EPSS
CVE
CVE
added 2010/12/22 8:0 p.m.81 views

CVE-2010-3970

CVE-2010-3970 is a stack-based buffer overflow in CreateSizedDIBSECTION within shimgvw.dll (Windows Shell Graphics Processing). It is triggered by a crafted thumbnail bitmap (e.g., via a negative biClrUsed value) and can allow remote code execution. Affected products include Windows XP SP2/SP3, S...

9.3CVSS7.9AI score0.67687EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.81 views

CVE-2012-1870

CVE-2012-1870 describes a TLS CBC-mode vulnerability allowing plaintext data disclosure during HTTPS sessions (BEAST-like issue). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1. The threat is that an attacker can sniff netwo...

4.3CVSS6.4AI score0.10698EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.80 views

CVE-2002-0366

CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...

7.2CVSS7.6AI score0.02811EPSS
Total number of security vulnerabilities663