Lucene search
K

663 matches found

CVE
CVE
added 2012/06/12 10:0 p.m.81 views

CVE-2012-1864

CVE-2012-1864/1865 affect Windows kernel-mode, specifically win32k.sys, across multiple XP/2003/Vista/2008/7 builds. The root cause is improper handling of user-mode input passed to kernel-mode driver objects, enabling local privilege escalation. The linked documents confirm two CVEs (1864/1865) ...

7.2CVSS6.2AI score0.01577EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.81 views

CVE-2012-1870

CVE-2012-1870 describes a TLS CBC-mode vulnerability allowing plaintext data disclosure during HTTPS sessions (BEAST-like issue). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1. The threat is that an attacker can sniff netwo...

4.3CVSS6.4AI score0.10698EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.81 views

CVE-2013-3198

CVE-2013-3198 affects the NTVDM subsystem in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. It relies on improper validation of kernel-memory addresses, enabling local privilege escalation or memory corruption (DoS) via a cr...

7.2CVSS6.2AI score0.02079EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.80 views

CVE-2002-0057

The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...

5CVSS6.4AI score0.19175EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.80 views

CVE-2002-0366

CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...

7.2CVSS7.6AI score0.02811EPSS
CVE
CVE
added 2003/06/28 4:0 a.m.80 views

CVE-2003-0469

CVE-2003-0469 describes a buffer-overflow in the HTML Converter (html32.cnv) used by Windows applications (via IE and other components). The flaw can be triggered during a cut‑and‑paste operation with a crafted HR tag (align attribute), potentially allowing remote code execution with the privileg...

7.5CVSS7.8AI score0.49529EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.80 views

CVE-2004-0214

CVE-2004-0214 is a remote code execution vulnerability in the Windows Shell (Shell32) that stems from an unchecked/buffered input condition in the Shell’s handling of messages when launching applications. An attacker could entice a user to visit a malicious Web page or open a crafted file, potent...

10CVSS7.9AI score0.51011EPSS
CVE
CVE
added 2006/02/08 2:0 a.m.80 views

CVE-2006-0023

CVE-2006-0023 describes a privilege-elevation vulnerability in Windows XP SP1/SP2 (and possibly other OS) where default service-discretionary access control lists (DACLs) are overly permissive (the so-called Permissive Windows Services DACLs). This allows a low-privileged local user to modify cri...

4.3CVSS6.5AI score0.01283EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.80 views

CVE-2006-1184

CVE-2006-1184 describes a Denial of Service in Microsoft Windows’ Distributed Transaction Coordinator (MSDTC) that could crash the MSDTC service when a remote attacker sends a crafted BuildContextW message with a large UuidString or GuidIn. The issue affects MSDTC on Windows NT 4.0, 2000 SP4, XP ...

5CVSS6.3AI score0.29721EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.80 views

CVE-2006-2379

CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...

9.3CVSS7.7AI score0.58027EPSS
CVE
CVE
added 2008/04/21 5:0 p.m.80 views

CVE-2008-1436

The CVE-2008-1436 entry describes a privilege-escalation token kidnapping issue in Windows where improper handling of SeImpersonatePrivilege could allow a context-dependant attacker to gain LocalSystem privileges by coordinating between two service processes. Public details in connected MS bullet...

9CVSS6.5AI score0.36829EPSS
CVE
CVE
added 2009/06/10 6:0 p.m.80 views

CVE-2009-1124

This CVE entry covers multiple Windows kernel privilege-escalation flaws (CVE-2009-1123, -1124, -1125, -1126) related to improper validation of changes to kernel objects, user-mode pointers, system-call arguments, and certain desktop parameters. Exploitation is local and requires valid logon cred...

7.2CVSS6.3AI score0.01438EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.80 views

CVE-2010-3939

CVE-2010-3939 describes a local privilege-escalation vulnerability in the Windows kernel via the win32k.sys driver. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP2, and R2), and Windows 7. The root cause is imprope...

7.2CVSS6.8AI score0.01938EPSS
CVE
CVE
added 2011/01/20 6:0 p.m.80 views

CVE-2010-4701

The CVE-2010-4701 entry describes a heap-based buffer overflow in the CDrawPoly::Serialize function of fxscover.exe, part of Windows Fax Services Cover Page Editor, affecting Windows XP SP3, Windows Server 2003 R2, and Windows 7. An attacker could trigger arbitrary code execution by processing a ...

7.6CVSS7.9AI score0.47832EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.80 views

CVE-2011-3415

CVE-2011-3415 is an open redirect vulnerability in the ASP.NET Forms Authentication component of Microsoft .NET Framework (2.0 SP2, 3.5 SP1, 3.5.1, 4.0). The issue arises during return URL validation in the login flow, allowing remote attackers to redirect victims to arbitrary sites and potential...

6.8CVSS6.5AI score0.24138EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.80 views

CVE-2013-1287

The CVE-2013-1287 issue affects the USB kernel-mode drivers in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 R2 SP1, 7, 8, Server 2012). Root cause: objects in memory are not properly handled by USB descriptor processing, enabling physically proximate attackers to...

7.2CVSS7.2AI score0.01455EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.79 views

CVE-2005-0053

Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...

7.5CVSS7.6AI score0.6349EPSS
CVE
CVE
added 2005/10/13 4:0 a.m.79 views

CVE-2005-2120

CVE-2005-2120 is a stack-based buffer overflow in the Windows Plug and Play (PnP) service (UMPNPMGR.DLL) on Windows 2000 SP4 and Windows XP SP1/SP2. The overflow occurs when processing a registry key name containing a large number of backslashes, triggered in wsprintfW, allowing remote or local a...

6.5CVSS7.5AI score0.63062EPSS
CVE
CVE
added 2006/11/14 10:0 p.m.79 views

CVE-2006-4688

CVE-2006-4688 describes a memory corruption/buffer overflow in the Client Service for NetWare (CSNW) on Windows 2000 SP4, XP SP2, and Server 2003 up to SP1. The vulnerability arises from malformed parameters to CSNW API functions, allowing remote code execution via crafted messages. Affected comp...

7.5CVSS7.7AI score0.76878EPSS
CVE
CVE
added 2006/11/14 9:0 p.m.79 views

CVE-2006-4691

CVE-2006-4691 is a stack-based buffer overflow in the NetpManageIPCConnect function of wkssvc.dll (Workstation service) on Microsoft Windows 2000 SP4 and Windows XP SP2. The vulnerability is triggered by long NetrJoinDomain2 RPC hostname parameters over the network, allowing remote code execution...

10CVSS7.7AI score0.80214EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.79 views

CVE-2008-2250

CVE-2008-2250 refers to a Windows kernel elevation-of-privilege vulnerability where the kernel fails to properly validate window properties passed from a parent to a child during new window creation. The issue can allow a local attacker to execute arbitrary code in kernel mode and gain full acces...

7.2CVSS6.1AI score0.01635EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.79 views

CVE-2009-2525

CVE-2009-2525 is the Windows History: The Windows Media Runtime Heap Corruption Vulnerability. A remote code execution flaw exists in Windows Media Runtime (DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager) caused by improper initialization of unspecifi...

9.3CVSS7.4AI score0.23318EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.79 views

CVE-2010-0488

CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...

6.5CVSS5.9AI score0.29229EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.79 views

CVE-2010-3963

CVE-2010-3963 affects the Windows kernel’s Routing and Remote Access NDProxy driver, notably on Windows XP (SP2/SP3) and Server 2003 SP2. The vulnerability originates from improper validation/copying of data from user mode into the kernel, enabling a local attacker to trigger a kernel-mode privil...

7.2CVSS6.7AI score0.01858EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.79 views

CVE-2012-1850

CVE-2012-1850 affects the LanmanWorkstation Remote Administration Protocol (RAP) handling in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1). The RAP implementation mishandles RAP responses, enabling remote attackers to cause a...

5CVSS6.6AI score0.27464EPSS
CVE
CVE
added 2013/04/09 10:0 p.m.79 views

CVE-2013-1295

CVE-2013-1295 corresponds to a local privilege-escalation flaw in the Windows Client/Server Run-time Subsystem (CSRSS). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. Root cause: improper handling of objects in memory inside ...

7.2CVSS6.5AI score0.02239EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.78 views

CVE-2002-0055

CVE-2002-0055 affects the SMTP service in Windows 2000, Windows XP Professional, and Exchange 2000. The vulnerability is triggered by a malformed BDAT data transfer request, allowing remote denial-of-service by an attacker. Connected documents corroborate this and reference MS02-012 (MSKB 313450)...

5CVSS6.7AI score0.37564EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.78 views

CVE-2002-0151

CVE-2002-0151 describes a buffer overflow in the Windows Multiple UNC Provider (MUP) that can permit a local attacker to cause a denial of service or gain Local SYSTEM privileges by sending an overlong UNC request. Technical sources in the connected documents show this affects Windows NT 4.0, Win...

7.2CVSS6.9AI score0.03584EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.78 views

CVE-2002-1325

CVE-2002-1325 affects Microsoft Virtual Machine (VM) versions up to build 5.0.3805. A Java applet that accesses the user.dir system property can disclose the local user’s username to a remote attacker, via a crafted page or email. CERT notes the vulnerability could leak the user’s system path and...

5CVSS6.4AI score0.13858EPSS
CVE
CVE
added 2003/11/18 5:0 a.m.78 views

CVE-2003-0824

Microsoft FrontPage Server Extensions (FPSE) 2000/2002 and SharePoint Team Services 2002 are affected by two vulnerabilities described in MS03-051. The first is a remote denial-of-service in the remote debugging function of FPSE (buffer overrun in the fp30reg.dll/remote debug path) that could tem...

5CVSS6.4AI score0.34428EPSS
CVE
CVE
added 2005/10/11 4:0 a.m.78 views

CVE-2005-1979

CVE-2005-1979 affects the Microsoft Distributed Transaction Coordinator (MSDTC) TIP handling. A denial-of-service can occur when a remote attacker sends a crafted TIP message, potentially terminating MSDTC and affecting dependent services. The issue is mitigated by MS05-051 updates across Windows...

5CVSS6.6AI score0.36279EPSS
CVE
CVE
added 2005/10/11 4:0 a.m.78 views

CVE-2005-2119

Mode C: CVE-2005-2119 is discussed in connected docs as a MSDTC DoS variant: remote attackers can crash MSDTC by sending a BuildContextW request with a large UuidString or GuidIn, causing out-of-range memory access. It notes this is a variant of CVE-2005-2119 and affects the Microsoft Distributed...

5CVSS6.2AI score0.39128EPSS
CVE
CVE
added 2008/08/13 12:0 a.m.78 views

CVE-2008-2245

CVE-2008-2245 affects Microsoft Windows Image Color Management System (ICM) via a heap-based overflow in mscms.dll (InternalOpenColorProfile). The vulnerability, in the ICCM/ICM component, allows remote code execution when a crafted image file is opened. Affected systems include Windows 2000 SP4,...

9.3CVSS7.5AI score0.46142EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.78 views

CVE-2008-2249

The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...

9.3CVSS7.8AI score0.31122EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.78 views

CVE-2009-0079

CVE-2009-0079 affects Windows XP (SP2/SP3) and Windows Server 2003 (SP1/SP2). The vulnerability is a failure to isolate multiple RPCSS processes that run under the same account (NetworkService or LocalService), allowing a local user to escalate privileges by accessing resources of sibling RPCSS p...

6.9CVSS6.4AI score0.04064EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.78 views

CVE-2009-1920

The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...

9.3CVSS7.5AI score0.21507EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.78 views

CVE-2010-0016

CVE-2010-0016 is a remote code execution vulnerability in the SMB client of Microsoft Windows (affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2). The root cause is improper validation of fields in SMB responses by the SMB client, which can allow a crafted SMB response from a malicious ...

9.3CVSS7.4AI score0.0867EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.78 views

CVE-2010-0819

CVE-2010-0819: Elevation of privilege in the Windows OpenType Compact Font Format (CFF) Driver due to improper validation when copying data from user mode to kernel mode. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7. Local attacker with...

7.2CVSS7.1AI score0.02081EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.78 views

CVE-2010-1883

CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...

9.3CVSS7.7AI score0.23344EPSS
CVE
CVE
added 2011/01/20 8:0 p.m.78 views

CVE-2010-2743

The CVE-2010-2743 issue affects Windows XP SP3 kernel-mode components, specifically the Win32k NtUserLoadKeyboardLayoutEx path, where indexing of a function-pointer table during loading of keyboard layouts from disk allows a local user to escalate privileges. The underlying cause is improper hand...

7.2CVSS6.1AI score0.14849EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.78 views

CVE-2011-1985

CVE-2011-1985 affects the Windows kernel-mode driver win32k.sys. The issue arises from improper validation of user-mode input in Win32k, enabling local users to gain privileges or cause a denial of service via a crafted application, leading to a NULL pointer dereference and system crash. Affected...

7.2CVSS6.4AI score0.02386EPSS
CVE
CVE
added 2013/04/09 10:0 p.m.78 views

CVE-2013-1294

The CVE-2013-1294 entry describes a kernel race-condition vulnerability in the Windows family (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) where improper handling of in-memory objects can be abused by a crafted local application to ...

7CVSS6.3AI score0.01064EPSS
CVE
CVE
added 2013/10/09 2:44 p.m.78 views

CVE-2013-3200

CVE-2013-3200 concerns a local-privilege-escalation in Windows USB handling. The vulnerability exists in kernel-mode USB drivers across multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). A crafted USB devi...

7.2CVSS7.4AI score0.05441EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.77 views

CVE-2005-0063

The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...

7.5CVSS7.1AI score0.51684EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.77 views

CVE-2006-0034

CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...

7.5CVSS7.9AI score0.30542EPSS
CVE
CVE
added 2007/08/14 9:0 p.m.77 views

CVE-2007-3034

Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...

9.3CVSS7.7AI score0.54749EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.77 views

CVE-2009-2530

CVE-2009-2530 corresponds to an Internet Explorer memory corruption vulnerability (Uninitialized Memory Corruption) that could allow remote code execution when a user views a specially crafted Web page. Connected documents show Microsoft’s MS09-054 cumulative security update for Internet Explorer...

9.3CVSS7.2AI score0.22927EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.77 views

CVE-2010-0489

The CVE-2010-0489 entry corresponds to a Race Condition Memory Corruption vulnerability in Microsoft Internet Explorer (affecting IE 5.01 SP4, 6, 6 SP1, and 7). The connected sources confirm a remote code execution scenario triggered by specially crafted HTML/Web content, with exploitation possib...

9.3CVSS7.3AI score0.23731EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.77 views

CVE-2013-1285

CVE-2013-1285 concerns Windows USB descriptor handling vulnerabilities in several Windows OS versions (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7; Windows 8; Server 2012). The issue arises from improper handling of objects in memory by USB kernel‑mode drivers, en...

7.2CVSS7.2AI score0.01455EPSS
CVE
CVE
added 2013/03/13 12:0 a.m.77 views

CVE-2013-1286

Summary: CVE-2013-1286 is a Windows USB Descriptor Vulnerability. The exposed flaw lies in USB kernel-mode drivers on Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, and Server 2012, where objects in memory are not properly handled, allowing physicall...

7.2CVSS7.2AI score0.01455EPSS
Total number of security vulnerabilities663