663 matches found
CVE-2012-1864
CVE-2012-1864/1865 affect Windows kernel-mode, specifically win32k.sys, across multiple XP/2003/Vista/2008/7 builds. The root cause is improper handling of user-mode input passed to kernel-mode driver objects, enabling local privilege escalation. The linked documents confirm two CVEs (1864/1865) ...
CVE-2012-1870
CVE-2012-1870 describes a TLS CBC-mode vulnerability allowing plaintext data disclosure during HTTPS sessions (BEAST-like issue). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1. The threat is that an attacker can sniff netwo...
CVE-2013-3198
CVE-2013-3198 affects the NTVDM subsystem in the Windows kernel on 32-bit Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, and Windows 8. It relies on improper validation of kernel-memory addresses, enabling local privilege escalation or memory corruption (DoS) via a cr...
CVE-2002-0057
The CVE-2002-0057 issue affects the Microsoft XML Core Services XMLHTTP control (MSXML) in versions 2.6, 3.0, and 4.0 where IE security zone handling is applied to redirected data streams. The flaw allows a remote attacker to read arbitrary local files by specifying a local file as the XML Data S...
CVE-2002-0366
CVE-2002-0366 describes a buffer overflow in the Windows RAS phonebook service that allows a local user to execute arbitrary code with LocalSystem privileges by crafting a long dial-up entry in rasphone.pbk. Affected products include Windows NT 4.0 (and Terminal Server Edition), Windows 2000, Win...
CVE-2003-0469
CVE-2003-0469 describes a buffer-overflow in the HTML Converter (html32.cnv) used by Windows applications (via IE and other components). The flaw can be triggered during a cut‑and‑paste operation with a crafted HR tag (align attribute), potentially allowing remote code execution with the privileg...
CVE-2004-0214
CVE-2004-0214 is a remote code execution vulnerability in the Windows Shell (Shell32) that stems from an unchecked/buffered input condition in the Shell’s handling of messages when launching applications. An attacker could entice a user to visit a malicious Web page or open a crafted file, potent...
CVE-2006-0023
CVE-2006-0023 describes a privilege-elevation vulnerability in Windows XP SP1/SP2 (and possibly other OS) where default service-discretionary access control lists (DACLs) are overly permissive (the so-called Permissive Windows Services DACLs). This allows a low-privileged local user to modify cri...
CVE-2006-1184
CVE-2006-1184 describes a Denial of Service in Microsoft Windows’ Distributed Transaction Coordinator (MSDTC) that could crash the MSDTC service when a remote attacker sends a crafted BuildContextW message with a large UuidString or GuidIn. The issue affects MSDTC on Windows NT 4.0, 2000 SP4, XP ...
CVE-2006-2379
CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...
CVE-2008-1436
The CVE-2008-1436 entry describes a privilege-escalation token kidnapping issue in Windows where improper handling of SeImpersonatePrivilege could allow a context-dependant attacker to gain LocalSystem privileges by coordinating between two service processes. Public details in connected MS bullet...
CVE-2009-1124
This CVE entry covers multiple Windows kernel privilege-escalation flaws (CVE-2009-1123, -1124, -1125, -1126) related to improper validation of changes to kernel objects, user-mode pointers, system-call arguments, and certain desktop parameters. Exploitation is local and requires valid logon cred...
CVE-2010-3939
CVE-2010-3939 describes a local privilege-escalation vulnerability in the Windows kernel via the win32k.sys driver. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP2, and R2), and Windows 7. The root cause is imprope...
CVE-2010-4701
The CVE-2010-4701 entry describes a heap-based buffer overflow in the CDrawPoly::Serialize function of fxscover.exe, part of Windows Fax Services Cover Page Editor, affecting Windows XP SP3, Windows Server 2003 R2, and Windows 7. An attacker could trigger arbitrary code execution by processing a ...
CVE-2011-3415
CVE-2011-3415 is an open redirect vulnerability in the ASP.NET Forms Authentication component of Microsoft .NET Framework (2.0 SP2, 3.5 SP1, 3.5.1, 4.0). The issue arises during return URL validation in the login flow, allowing remote attackers to redirect victims to arbitrary sites and potential...
CVE-2013-1287
The CVE-2013-1287 issue affects the USB kernel-mode drivers in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 R2 SP1, 7, 8, Server 2012). Root cause: objects in memory are not properly handled by USB descriptor processing, enabling physically proximate attackers to...
CVE-2005-0053
Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...
CVE-2005-2120
CVE-2005-2120 is a stack-based buffer overflow in the Windows Plug and Play (PnP) service (UMPNPMGR.DLL) on Windows 2000 SP4 and Windows XP SP1/SP2. The overflow occurs when processing a registry key name containing a large number of backslashes, triggered in wsprintfW, allowing remote or local a...
CVE-2006-4688
CVE-2006-4688 describes a memory corruption/buffer overflow in the Client Service for NetWare (CSNW) on Windows 2000 SP4, XP SP2, and Server 2003 up to SP1. The vulnerability arises from malformed parameters to CSNW API functions, allowing remote code execution via crafted messages. Affected comp...
CVE-2006-4691
CVE-2006-4691 is a stack-based buffer overflow in the NetpManageIPCConnect function of wkssvc.dll (Workstation service) on Microsoft Windows 2000 SP4 and Windows XP SP2. The vulnerability is triggered by long NetrJoinDomain2 RPC hostname parameters over the network, allowing remote code execution...
CVE-2008-2250
CVE-2008-2250 refers to a Windows kernel elevation-of-privilege vulnerability where the kernel fails to properly validate window properties passed from a parent to a child during new window creation. The issue can allow a local attacker to execute arbitrary code in kernel mode and gain full acces...
CVE-2009-2525
CVE-2009-2525 is the Windows History: The Windows Media Runtime Heap Corruption Vulnerability. A remote code execution flaw exists in Windows Media Runtime (DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager) caused by improper initialization of unspecifi...
CVE-2010-0488
CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...
CVE-2010-3963
CVE-2010-3963 affects the Windows kernel’s Routing and Remote Access NDProxy driver, notably on Windows XP (SP2/SP3) and Server 2003 SP2. The vulnerability originates from improper validation/copying of data from user mode into the kernel, enabling a local attacker to trigger a kernel-mode privil...
CVE-2012-1850
CVE-2012-1850 affects the LanmanWorkstation Remote Administration Protocol (RAP) handling in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1). The RAP implementation mishandles RAP responses, enabling remote attackers to cause a...
CVE-2013-1295
CVE-2013-1295 corresponds to a local privilege-escalation flaw in the Windows Client/Server Run-time Subsystem (CSRSS). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2. Root cause: improper handling of objects in memory inside ...
CVE-2002-0055
CVE-2002-0055 affects the SMTP service in Windows 2000, Windows XP Professional, and Exchange 2000. The vulnerability is triggered by a malformed BDAT data transfer request, allowing remote denial-of-service by an attacker. Connected documents corroborate this and reference MS02-012 (MSKB 313450)...
CVE-2002-0151
CVE-2002-0151 describes a buffer overflow in the Windows Multiple UNC Provider (MUP) that can permit a local attacker to cause a denial of service or gain Local SYSTEM privileges by sending an overlong UNC request. Technical sources in the connected documents show this affects Windows NT 4.0, Win...
CVE-2002-1325
CVE-2002-1325 affects Microsoft Virtual Machine (VM) versions up to build 5.0.3805. A Java applet that accesses the user.dir system property can disclose the local user’s username to a remote attacker, via a crafted page or email. CERT notes the vulnerability could leak the user’s system path and...
CVE-2003-0824
Microsoft FrontPage Server Extensions (FPSE) 2000/2002 and SharePoint Team Services 2002 are affected by two vulnerabilities described in MS03-051. The first is a remote denial-of-service in the remote debugging function of FPSE (buffer overrun in the fp30reg.dll/remote debug path) that could tem...
CVE-2005-1979
CVE-2005-1979 affects the Microsoft Distributed Transaction Coordinator (MSDTC) TIP handling. A denial-of-service can occur when a remote attacker sends a crafted TIP message, potentially terminating MSDTC and affecting dependent services. The issue is mitigated by MS05-051 updates across Windows...
CVE-2005-2119
Mode C: CVE-2005-2119 is discussed in connected docs as a MSDTC DoS variant: remote attackers can crash MSDTC by sending a BuildContextW request with a large UuidString or GuidIn, causing out-of-range memory access. It notes this is a variant of CVE-2005-2119 and affects the Microsoft Distributed...
CVE-2008-2245
CVE-2008-2245 affects Microsoft Windows Image Color Management System (ICM) via a heap-based overflow in mscms.dll (InternalOpenColorProfile). The vulnerability, in the ICCM/ICM component, allows remote code execution when a crafted image file is opened. Affected systems include Windows 2000 SP4,...
CVE-2008-2249
The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...
CVE-2009-0079
CVE-2009-0079 affects Windows XP (SP2/SP3) and Windows Server 2003 (SP1/SP2). The vulnerability is a failure to isolate multiple RPCSS processes that run under the same account (NetworkService or LocalService), allowing a local user to escalate privileges by accessing resources of sibling RPCSS p...
CVE-2009-1920
The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...
CVE-2010-0016
CVE-2010-0016 is a remote code execution vulnerability in the SMB client of Microsoft Windows (affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2). The root cause is improper validation of fields in SMB responses by the SMB client, which can allow a crafted SMB response from a malicious ...
CVE-2010-0819
CVE-2010-0819: Elevation of privilege in the Windows OpenType Compact Font Format (CFF) Driver due to improper validation when copying data from user mode to kernel mode. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7. Local attacker with...
CVE-2010-1883
CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...
CVE-2010-2743
The CVE-2010-2743 issue affects Windows XP SP3 kernel-mode components, specifically the Win32k NtUserLoadKeyboardLayoutEx path, where indexing of a function-pointer table during loading of keyboard layouts from disk allows a local user to escalate privileges. The underlying cause is improper hand...
CVE-2011-1985
CVE-2011-1985 affects the Windows kernel-mode driver win32k.sys. The issue arises from improper validation of user-mode input in Win32k, enabling local users to gain privileges or cause a denial of service via a crafted application, leading to a NULL pointer dereference and system crash. Affected...
CVE-2013-1294
The CVE-2013-1294 entry describes a kernel race-condition vulnerability in the Windows family (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) where improper handling of in-memory objects can be abused by a crafted local application to ...
CVE-2013-3200
CVE-2013-3200 concerns a local-privilege-escalation in Windows USB handling. The vulnerability exists in kernel-mode USB drivers across multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). A crafted USB devi...
CVE-2005-0063
The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...
CVE-2006-0034
CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...
CVE-2007-3034
Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...
CVE-2009-2530
CVE-2009-2530 corresponds to an Internet Explorer memory corruption vulnerability (Uninitialized Memory Corruption) that could allow remote code execution when a user views a specially crafted Web page. Connected documents show Microsoft’s MS09-054 cumulative security update for Internet Explorer...
CVE-2010-0489
The CVE-2010-0489 entry corresponds to a Race Condition Memory Corruption vulnerability in Microsoft Internet Explorer (affecting IE 5.01 SP4, 6, 6 SP1, and 7). The connected sources confirm a remote code execution scenario triggered by specially crafted HTML/Web content, with exploitation possib...
CVE-2013-1285
CVE-2013-1285 concerns Windows USB descriptor handling vulnerabilities in several Windows OS versions (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7; Windows 8; Server 2012). The issue arises from improper handling of objects in memory by USB kernel‑mode drivers, en...
CVE-2013-1286
Summary: CVE-2013-1286 is a Windows USB Descriptor Vulnerability. The exposed flaw lies in USB kernel-mode drivers on Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, and Server 2012, where objects in memory are not properly handled, allowing physicall...