663 matches found
CVE-2013-1294
The CVE-2013-1294 entry describes a kernel race-condition vulnerability in the Windows family (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) where improper handling of in-memory objects can be abused by a crafted local application to ...
CVE-2013-3200
CVE-2013-3200 concerns a local-privilege-escalation in Windows USB handling. The vulnerability exists in kernel-mode USB drivers across multiple Windows releases (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows RT). A crafted USB devi...
CVE-2001-0879
CVE-2001-0879 describes a format-string vulnerability in the C runtime functions used by Microsoft SQL Server 7.0 and 2000. The underlying issue is a format string handling flaw in the C runtime, which can allow an attacker to trigger a denial of service. The available connected documents confirm...
CVE-2005-2118
Summary (CVE-2005-2118 / CVE-2005-2122) : Both vulnerabilities stem from how Windows Shell handles .lnk shortcut files, enabling remote code execution through crafted shortcuts or properties. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003. The issues differ in the...
CVE-2006-0034
CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...
CVE-2009-2530
CVE-2009-2530 corresponds to an Internet Explorer memory corruption vulnerability (Uninitialized Memory Corruption) that could allow remote code execution when a user views a specially crafted Web page. Connected documents show Microsoft’s MS09-054 cumulative security update for Internet Explorer...
CVE-2010-0489
The CVE-2010-0489 entry corresponds to a Race Condition Memory Corruption vulnerability in Microsoft Internet Explorer (affecting IE 5.01 SP4, 6, 6 SP1, and 7). The connected sources confirm a remote code execution scenario triggered by specially crafted HTML/Web content, with exploitation possib...
CVE-2010-0490
CVE-2010-0490 is an Uninitialized Memory Corruption vulnerability in Microsoft Internet Explorer (IE6, IE6 SP1, IE7, IE8) that could allow remote code execution when IE accesses an object that has not been properly initialized or has been deleted. Exploitation involves viewing a specially crafted...
CVE-2010-1882
CVE-2010-1882 corresponds to a memory corruption/buffer overflow in the Microsoft DirectShow MPEG Layer-3 Audio Codec (l3codecx.ax). The vulnerability exists in the MPEG Layer-3 codec used by Windows Media/DirectShow and can be triggered by a specially crafted MPEG‑L3 audio stream in a media file...
CVE-2010-3943
CVE-2010-3943 affects Windows kernel-mode Win32k.sys, where driver objects are not properly linked, enabling local privilege escalation through linked-list corruption. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP...
CVE-2010-4562
CVE-2010-4562 affects Microsoft Windows platforms when using IPv6. It allows remote attackers to infer if a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and observing an Echo Reply (as demonstrated by thcping). The entry notes a typographical collision: so...
CVE-2013-1283
CVE-2013-1283 affects Windows kernel-mode drivers, specifically Win32k.sys, with a local privilege-escalation due to race conditions from improper handling of memory objects. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Wind...
CVE-2004-0897
CVE-2004-0897 covers a remote code execution vulnerability in the Microsoft Windows Indexing Service (Indexing Service) on Windows XP and Windows Server 2003. The issue arises from an unchecked/lenient handling of query input leading to a buffer overflow, enabling an attacker to execute arbitrary...
CVE-2004-2339
CVE-2004-2339 affects Microsoft Windows 2000, XP, and possibly 2003. The vulnerability allows local users with SeDebugPrivilege to execute arbitrary code at kernel level and read/write kernel memory via NtSystemDebugControl, with argument pointer verification not performed. The issue is local and...
CVE-2005-1984
CVE-2005-1984 is a buffer overflow in the Microsoft Print Spooler (Spoolsv.exe) affecting Windows 2000, XP, and Windows Server 2003. The vulnerability allows remote code execution via a crafted Print Spooler Service packet or message. Microsoft/MS05-043 (KB896423) addresses the issue with an upda...
CVE-2009-0088
CVE-2009-0088 describes a remote code execution vulnerability in the WordPerfect 6.x Converter (WPFT632.CNV) used by Word 2000 SP3 and the Office Converter Pack. The issue arises when the converter fails to properly validate the length of an input string, enabling a crafted WordPerfect 6.x docume...
CVE-2009-0231
CVE-2009-0231 concerns a heap-based overflow in the Embedded OpenType Font Engine (T2EMBED.DLL) used by Microsoft Windows. The vulnerability stems from an integer truncation while processing OpenType font records, allowing remote attackers to execute arbitrary code by delivering a crafted EOT/Ope...
CVE-2009-1929
The CVE-2009-1929 entry maps to MS09-044 vulnerabilities in the Microsoft Remote Desktop Connection/Terminal Services Client ActiveX control. A heap-based buffer overflow in the ActiveX control (versions 5.2 and 6.1) could allow remote code execution when a user connects to a malicious server or ...
CVE-2010-0236
The CVE-2010-0236 entry concerns a Windows kernel memory allocation vulnerability in which memory is not properly allocated for the destination key when extracting a symbolic‑link registry key. A local attacker could exploit this elevation‑of‑privilege flaw to execute code in kernel mode, potenti...
CVE-2010-0484
CVE-2010-0484 affects Windows kernel-mode drivers in win32k.sys. The vulnerability arises from improper validation/memory handling when processing Device Contexts (DC) via GetDCEx, enabling local users to execute arbitrary code in kernel mode (ring0) on affected Windows versions. Affected are Win...
CVE-2010-0811
CVE-2010-0811 corresponds to a remote code execution vulnerability in the Internet Explorer 8 Developer Tools ActiveX control (iedvtool.dll). Public sources (OpenVAS/Nessus entries) tie this to Microsoft IE/Win components and list affected Windows versions including 2000 SP4, XP SP2/SP3, Server 2...
CVE-2010-3974
CVE-2010-3974 is a memory corruption vulnerability in the Windows Fax Cover Page Editor (fxscover.exe) that occurs when parsing crafted Fax cover pages (.cov). A remote attacker could execute arbitrary code on affected systems by convincing a user to open a malicious fax cover page file. Affected...
CVE-2011-1894
The CVE-2011-1894 issue affects the MHTML protocol handler used by Microsoft Windows components (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/R2, Windows 7 SP1). The vulnerability arises from improper handling of a MIME format in requests for embedded content within an HTML docume...
CVE-2013-1273
CVE-2013-1273 is a race condition in the win32k.sys kernel-mode driver that can allow local privilege escalation and reading arbitrary kernel memory on affected Windows platforms (XP SP2-SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP0-SP1). The vulnerability stems from timing/o...
CVE-2004-0202
CVE-2004-0202 concerns a denial-of-service vulnerability in the DirectPlay API, specifically the IDirectPlay4 interfaces of DirectPlay within Microsoft DirectX. The issue arises from insufficient input/packet validation of incoming network data, enabling a remote attacker to crash a DirectPlay-ba...
CVE-2005-0044
CVE-2005-0044 is the Input Validation Vulnerability in the Windows OLE component that could allow remote code execution. The NVD/NVD-derived data unify that the issue affects Windows 98, 2000, XP, and Server 2003, as well as Exchange Server 5.0–2003, caused by improper validation of message lengt...
CVE-2005-0550
CVE-2005-0550 describes a buffer overflow in Microsoft Windows Object Management handling that could be exploited locally to cause a denial of service (system crash). Affected products include Windows 2000, Windows XP (SP1 and SP2), and Windows Server 2003. The underlying issue is an unchecked bu...
CVE-2005-1983
CVE-2005-1983 involves a stack-based buffer overflow in the Windows Plug and Play (PnP) service. Public details in connected sources describe a remote-code-execution vulnerability that can be triggered by a crafted PnP RPC packet, affecting Windows 2000 and Windows XP with SP1, and was notably ex...
CVE-2008-1084
CVE-2008-1084 affects the Windows kernel (Win32k). The issue is a local privilege escalation in the kernel’s win32k.sys, traced to improper input validation, with one affected function allegedly NtUserFnOUTSTRING. Impact is local code execution with HIGH severity (CVSS v2 base 7.2) on Windows 200...
CVE-2009-0235
The CVE-2009-0235 entry covers a stack-based buffer overflow in WordPad’s Word 97 text converter used to open Word 97 files on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP1/SP2. The root cause is a mismatch between a 32-bit length value from the file and the lower 16 bits used during a copy, ...
CVE-2009-1547
CVE-2009-1547 concerns Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7. The issue is a remote code execution vulnerability triggered by a crafted data-stream header causing memory corruption in the browser. Technical details across connected docs show that this affects legacy IE versions an...
CVE-2010-0494
CVE-2010-0494 is the HTML Element Cross-Domain Vulnerability in Internet Explorer (IE6/6 SP1/7/8) that allows information disclosure when a user drags one IE window across another. The issue affects IE’s handling of cross-domain scripting context and is addressed by Microsoft Security Bulletin MS...
CVE-2010-0812
ISATAP IPv6 Source Address Spoofing vulnerability (CVE-2010-0812) affects Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The flaw in the Windows TCP/IP stack checks the inner IPv6 source in tunneled ISATAP packets, enabling spoofing that could bypass IPv4 source-address ...
CVE-2010-3222
CVE-2010-3222 describes a stack-based buffer overflow in the Windows Local Procedure Call subsystem (RPCSS) affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability occurs during LPC–LRPC port message handling between LPC and the LRPC server, allowing a locally authenticated us...
CVE-2011-0090
CVE-2011-0090 concerns Win32k.sys in the kernel-mode drivers of affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability stems from improper validation of data passed from user mode to kernel mode, enabling local privilege e...
CVE-2011-1885
The CVE-2011-1885 issue affects Win32k.sys in multiple Windows OS versions (Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/R2 SP1, Windows 7 Gold/SP1). It is a local privilege escalation caused by a NULL pointer dereference in kernel‑mode drivers, allowing a crafted a...
CVE-2002-0693
The CVE-2002-0693 issue affects multiple Windows platforms (Windows 98, 98 SE, Millennium, NT 4.0 and Terminal Server, Windows 2000, Windows XP) through the HTML Help ActiveX control (hhctrl.ocx). The root cause is an unchecked/buffer overflow in the HTML Help facility ActiveX module that could b...
CVE-2002-1260
The CVE-2002-1260 vulnerability affects Microsoft Virtual Machine (VM) 5.0.3805 and earlier, where the JDBC APIs can be exploited by an untrusted Java applet to bypass security checks and access database contents. This is a remote, network‑vector issue that allows partial confidentiality/integrit...
CVE-2003-0010
The CVE-2003-0010 issue is a heap-based overflow in the Windows Script Engine (JsArrayFunctionHeapSort in JScript.dll) that can allow remote code execution via a malicious web page or HTML e-mail. Affected component is Windows Script Engine/JScript.dll; exploit arises from handling large array in...
CVE-2003-0807
CVE-2003-0807 : A denial-of-service vulnerability in Microsoft Windows where the COM Internet Services (CIS) and RPC over HTTP Proxy components can be overwhelmed by a crafted forwarded response, causing the backend to stop accepting requests. Related connected documents (MS04-012) identify this ...
CVE-2004-0568
HyperTerminal for Windows NT 4.0/2000/XP/Server 2003 contains a buffer overflow in session file handling due to improper validation of a value’s length. This allows a remote attacker to execute arbitrary code when a user opens a malicious HyperTerminal session file (.ht), or follows a web/Telnet ...
CVE-2004-1319
The CVE-2004-1319 issue concerns the DHTML Editing Component ActiveX control (dhtmled.ocx) used by Internet Explorer. The vulnerability is cross-domain in nature and could allow remote code execution or information disclosure by exploiting the control from a malicious page, potentially granting a...
CVE-2005-1208
CVE-2005-1208 describes a remote code execution vulnerability in Microsoft HTML Help (CHM/InfoTech Storage protocols like ms-its, ms-itss, its, mk:@MSITStore). The root cause is an integer overflow/heap-based buffer overflow when processing crafted CHM content with a large size field, exploitable...
CVE-2009-0232
CVE-2009-0232: A remote-code-execution vulnerability in the Embedded OpenType (EOT) Font Engine. An integer overflow occurs while parsing EOT name tables, affecting Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista SP1/SP2; and Server 2008 Gold/SP2. An attacker could exploit this via a crafted...
CVE-2009-1919
Microsoft Internet Explorer variants 5.01–8 on Windows 2000–Vista/Server 2003/2008 are affected by an Uninitialized Memory Corruption vulnerability in memory handling of deleted objects when processing HTML with embedded style sheets. The connected KB describes MS09-034 (Cumulative Security Updat...
CVE-2009-2513
CVE-2009-2513 is the Win32k Insufficient Data Validation Vulnerability affecting the Windows kernel-mode GDI path (win32k.sys). The issue stems from improper validation of user-mode input in the GDI subsystem, allowing local users to execute arbitrary code in kernel mode and escalate privileges. ...
CVE-2009-2531
CVE-2009-2531 corresponds to an Uninitialized Memory Corruption vulnerability in Microsoft Internet Explorer (IE 6, 6 SP1, 7, and 8). The connected MSKB MS09-054 describes a cumulative security update that mitigates remote code execution by requiring users visit a malicious page; applying the MS0...
CVE-2010-0483
CVE-2010-0483 targets VBScript.dll in VBScript 5.1/5.6/5.7/5.8 on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. When Internet Explorer is used, referencing a crafted .hlp file via the MsgBox function’s helpfile argument (local, UNC, or WebDAV) can lead to code execution via winhlp32.exe if t...
CVE-2010-3940
CVE-2010-3940 is a Windows kernel-mode driver (win32k.sys) vulnerability described as a double-free in the Win32k PFE pointer handling that could allow local privilege elevation. Affected platforms include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Go...
CVE-2011-0028
CVE-2011-0028 concerns a vulnerability in Microsoft WordPad Text Converters used by WordPad on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is an error in the WordPad converter that fails to correctly parse certain Word document fields (notably sprmTTextFlow and sprmTSplit), all...