663 matches found
CVE-2007-2228
The CVE-2007-2228 entry describes a denial-of-service flaw in the RPC runtime library rpcrt4.dll on Windows platforms (XP SP2, XP x64, Server 2003 SP1/SP2, Server 2003 x64, Vista and Vista x64). The vulnerability occurs when parsing RPC authentication messages with NTLMSSP and PACKET level, where...
CVE-2009-0089
CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...
CVE-2010-0485
The CVE-2010-0485 issue affects Windows kernel-mode drivers in win32k.sys across multiple OS versions (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, Windows 7, Server 2008 R2). The vulnerability stems from improper validation of callback parameters when creat...
CVE-2010-2744
The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...
CVE-2009-0087
CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...
CVE-2009-0555
CVE-2009-0555 is a Windows Media Runtime issue affecting the ASF handling in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and ACM. The flaw allows remote code execution via a crafted ASF audio file that uses the Windows Media Speech codec, as described in multiple sources (MS09-...
CVE-2010-3147
CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...
CVE-2011-0029
The CVE-2011-0029 issue affects the Microsoft Remote Desktop Connection client (versions 5.2, 6.0, 6.1, 7.0). It is a local privilege-escalation vulnerability caused by an untrusted search path: a Trojan DLL loaded from the current working directory when a directory contains a .rdp file. Impact i...
CVE-2001-0877
CVE-2001-0877 describes an unchecked buffer in Windows UPnP NOTIFY handling that can allow remote attackers to cause denial of service or execute code with SYSTEM privileges on Windows XP (and related UPnP-enabled Windows 98/ME). Exploitation via specially malformed NOTIFY messages (SSDP) can tri...
CVE-2003-0345
The CVE-2003-0345 issue affects Microsoft Windows SMB/CIFS implementations (Windows XP, 2000, NT). The root cause is a buffer overflow in the SMB packet handling where an incoming packet specifies a smaller buffer length than required, enabling a remote attacker to cause a denial of service and, ...
CVE-2004-0201
The CVE-2004-0201 entry documents a heap-based buffer overflow in the HTML Help viewer hh.exe used by HTML Help (.chm) on Windows platforms (Windows 98, Me, NT 4.0, 2000, XP, and Server 2003). The vulnerability allows remote code execution via a .CHM file with a large length field, enabling an at...
CVE-2005-0416
CVE-2005-0416 describes a stack-based buffer overflow in the Windows Animated Cursor (ANI) handling. The vulnerability affects Windows NT, Windows 2000 (SP4), Windows XP (SP1), and Windows 2003, where a crafted AnimationHeaderBlock length field can lead to remote code execution or memory corrupti...
CVE-2011-0096
The CVE describes a vulnerability in the MHTML protocol handler where improper processing of MIME-formatted requests for content blocks can allow a remote attacker to trigger client-side effects in Internet Explorer. Connected advisories (MS11-026 and related OpenVAS/Nessus listings) frame this a...
CVE-2013-1277
AFFECTED: Microsoft Windows family (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7 Gold/SP1) – vulnerability in the kernel-mode driver win32k.sys. WHAT: A race condition in win32k.sys that allows local users to gain privileges and read arbitrary kernel memory when a ...
CVE-2005-0045
CVE-2005-0045 is a remote code execution vulnerability in the SMB client/server implementation on Windows NT 4.0, 2000, XP and Server 2003. The issue stems from improper validation of SMB packets, enabling an attacker to execute arbitrary code by crafting SMB Transaction responses (notably Trans ...
CVE-2010-0492
Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...
CVE-2011-0034
The CVE-2011-0034 issue is a stack overflow in the OpenType Compact Font Format (CFF) driver (ATMFD.dll) in Microsoft Windows. It can be triggered by crafted OpenType fonts and allows remote attackers to execute arbitrary code on affected systems. Affected Windows versions include Windows XP SP2/...
CVE-2005-0059
The CVE-2005-0059 issue is a buffer overflow in the Microsoft Message Queuing (MSMQ) service’s processing of messages. The vulnerability affects MSMQ on Windows 2000 and Windows XP SP1 (per the CVE/NVD entries) and is exploitable via the MSMQ RPC/queue handling interface, enabling remote code exe...
CVE-2011-1282
CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...
CVE-2013-1300
CVE-2013-1300 maps to a Win32k memory handling vulnerability in win32k.sys affecting multiple Windows XP/Vista/7/8/2003/Server variants. The issue is a local privilege escalation via a crafted application that abuses kernel memory object handling, enabling an attacker to gain SYSTEM-level privile...
CVE-2003-0003
CVE-2003-0003 describes a locally/remotely exploitable buffer overflow in the Microsoft Locator service (RPC Locator) that allows arbitrary code execution when processing overly large RPC requests. Affected products include Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and...
CVE-2007-0069
CVE-2007-0069 describes a remote code execution and denial-of-service risk in the Windows kernel’s TCP/IP stack due to improper handling of IGMPv3 and MLDv2 state. Affected are Windows XP SP2, Server 2003, and Vista; exploitation requires specially crafted IGMPv3/MLDv2 packets that can trigger me...
CVE-2009-0568
The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...
CVE-2009-2511
CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...
CVE-2010-0027
CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...
CVE-2010-0487
CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...
CVE-2010-2265
CVE-2010-2265 is an XSS in the GetServerName function of sysinfo/commonFunc.js within Windows Help and Support Center on Windows XP and Windows Server 2003, exploitable via svr in sysinfo/sysinfomain.htm. It is paired with CVE-2010-1885, which covers HCP URL handling and can enable command execut...
CVE-2010-2746
CVE-2010-2746 describes a heap-based buffer overflow in the Windows common controls library, Comctl32.dll, triggered when processing messages from a third-party SVG viewer. A remote code execution risk exists on affected Windows releases (XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008, and W...
CVE-2011-1967
CVE-2011-1967 affects the Windows Client/Server Run-time Subsystem (CSRSS) via the Winsrv.dll component. The root cause is improper permission checks when a lower‑integrity process sends inter‑process device‑event messages to a higher‑integrity CSRSS, enabling local privilege escalation. Affected...
CVE-2002-0863
The CVE-2002-0863 issue concerns Microsoft RDP (Remote Desktop Protocol) 5.0 on Windows 2000 and 5.1 on Windows XP, where checksums of plaintext session data are not encrypted. This could allow a remote attacker to sniff encrypted sessions and potentially recover plaintext contents (information d...
CVE-2007-6026
CVE-2007-6026 covers a stack-based buffer overflow in the Microsoft Jet Database Engine (msjet40.dll, 4.0.8618.0) used by Access 2003 in Office 2003 SP3. The vulnerability arises when parsing MDB files with a crafted column structure, allowing a user-assisted attacker to execute arbitrary code. T...
CVE-2009-0078
CVE-2009-0078 pertains to the Windows WMI Service Isolation Vulnerability in Windows XP SP2/SP3, Server 2003 SP1/SP2, Vista, and Server 2008. The local privilege escalation arises from failure to properly isolate multiple processes running under NetworkService/LocalService accounts, enabling a lo...
CVE-2009-0085
CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...
CVE-2010-0267
CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...
CVE-2010-1734
The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...
CVE-2012-2529
CVE-2012-2529 describes a kernel integer-overflow vulnerability in Microsoft Windows that enables local privilege escalation. The issue affects the Windows kernel on multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause is improper ha...
CVE-2013-3864
Technical details for CVE-2013-3864 are not publicly available in the provided connected documents. Monitor for updates from official advisories; the supplied references include NVD entries for related CVEs but no new specifics about this CVE.
CVE-2014-4971
CVE-2014-4971 affects Microsoft Windows XP SP3 and relates to two drivers: MQAC.sys in the MQ Access Control subsystem and BthPan.sys in Bluetooth PAN. The vulnerability arises because certain IRP/IOCTL handling does not validate addresses, enabling local attackers to write to arbitrary memory lo...
CVE-2006-3441
CVE-2006-3441 is a buffer overflow in the DNS Client service of Microsoft Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 that could allow remote code execution with SYSTEM privileges. The issue arises from unchecked buffers in the DNS client handling crafted DNS responses, and MS06-041 and rel...
CVE-2007-1215
CVE-2007-1215 is a Local Elevation of Privilege vulnerability in the Graphics Device Interface (GDI) of Windows. The issue arises when rendering certain images with color-related parameters, causing an unchecked buffer/length handling in GDI. A logged-on attacker could potentially gain full contr...
CVE-2009-3671
CVE-2009-3671 concerns Microsoft Internet Explorer 8. The issue is a memory handling vulnerability where an object that is either not properly initialized or has been deleted is accessed, causing memory corruption and enabling remote code execution. The vulnerability is described as Uninitialized...
CVE-2010-0018
CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...
CVE-2010-0234
The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...
CVE-2010-0250
CVE-2010-0250 is a DirectShow/Quartz heap overflow vulnerability in Microsoft DirectX where the AVI/QUartz AVI parser misallocates a buffer when processing a crafted AVI file’s length field, enabling remote code execution. Affected components include DirectShow (AVI Filter) and Quartz, with impac...
CVE-2010-1887
CVE-2010-1887 affects the Windows kernel‑mode driver win32k.sys and is triggered by improper validation of a system call argument, causing a denial of service (system hang) on XP SP2/3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7. Connected documents also describe rel...
CVE-2010-2553
The CVE-2010-2553 issue affects the Cinepak codec (iccvid.dll) used by Windows XP SP2/SP3, Vista SP1/SP2, and Windows 7. A flaw in how the Cinepak codec decompresses certain media files allows remote attackers to execute arbitrary code by convincing a user to open a crafted file. Microsoft releas...
CVE-2010-3941
Summary (CVE-2010-3941) : A local privilege-escalation in Windows is caused by a double-free in the kernel-mode driver win32k.sys. Affects multiple Windows editions: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, and Windows 7. The flaw enables local users to gain full privileg...
CVE-2010-3970
CVE-2010-3970 is a stack-based buffer overflow in CreateSizedDIBSECTION within shimgvw.dll (Windows Shell Graphics Processing). It is triggered by a crafted thumbnail bitmap (e.g., via a negative biClrUsed value) and can allow remote code execution. Affected products include Windows XP SP2/SP3, S...
CVE-2012-1870
CVE-2012-1870 describes a TLS CBC-mode vulnerability allowing plaintext data disclosure during HTTPS sessions (BEAST-like issue). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1. The threat is that an attacker can sniff netwo...
CVE-2002-0366
CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...