663 matches found
CVE-2005-1983
CVE-2005-1983 involves a stack-based buffer overflow in the Windows Plug and Play (PnP) service. Public details in connected sources describe a remote-code-execution vulnerability that can be triggered by a crafted PnP RPC packet, affecting Windows 2000 and Windows XP with SP1, and was notably ex...
CVE-2009-0232
CVE-2009-0232: A remote-code-execution vulnerability in the Embedded OpenType (EOT) Font Engine. An integer overflow occurs while parsing EOT name tables, affecting Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista SP1/SP2; and Server 2008 Gold/SP2. An attacker could exploit this via a crafted...
CVE-2009-1126
CVE-2009-1126 corresponds to the Windows Desktop Parameter Edit Vulnerability. Affected products are Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. The kernel fails to properly validate user-mode input when editing a specific desktop parameter, enabling a local attacker to execute cod...
CVE-2009-2531
CVE-2009-2531 corresponds to an Uninitialized Memory Corruption vulnerability in Microsoft Internet Explorer (IE 6, 6 SP1, 7, and 8). The connected MSKB MS09-054 describes a cumulative security update that mitigates remote code execution by requiring users visit a malicious page; applying the MS0...
CVE-2009-3675
CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...
CVE-2010-0483
CVE-2010-0483 targets VBScript.dll in VBScript 5.1/5.6/5.7/5.8 on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. When Internet Explorer is used, referencing a crafted .hlp file via the MsgBox function’s helpfile argument (local, UNC, or WebDAV) can lead to code execution via winhlp32.exe if t...
CVE-2010-3940
CVE-2010-3940 is a Windows kernel-mode driver (win32k.sys) vulnerability described as a double-free in the Win32k PFE pointer handling that could allow local privilege elevation. Affected platforms include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Go...
CVE-2011-0662
CVE-2011-0662 is a Win32k.sys use-after-free vulnerability in Windows kernel-mode drivers that allows a local user to escalate privileges via a crafted application, due to incorrect driver object management. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2,...
CVE-2011-1268
CVE-2011-1268 affects the SMB client in various Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The issue is a remote code execution flaw caused by improper parsing of crafted SMB responses (SMBv1 or SMBv2), allowing an attacker to execute ar...
CVE-2011-3408
CVE-2011-3408 describes a local privilege-escalation vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS). Csrsrv.dll in CSRSS fails to properly check permissions when a lower-integrity process sends inter-process device-event messages to a higher-integrity process, allowing a lo...
CVE-2013-1255
The CVE-2013-1255 entry describes a race condition in the win32k.sys kernel-mode driver that allows local privilege elevation and reading of arbitrary kernel memory. Affected are: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 Gold/SP...
CVE-2013-3173
CVE-2013-3173 corresponds to the Win32k.sys kernel-mode driver buffer overflow vulnerability (Win32k Buffer Overwrite Vulnerability) that allows local privilege escalation on affected Windows versions. Documents reference Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP1, 7 SP1, ...
CVE-2013-3879
Win32k Use After Free Vulnerability (CVE-2013-3879): a local privilege-escalation in the win32k.sys kernel-mode driver affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, and RT. Root cause: use-after-free in memory object handling within the W...
CVE-2001-1560
CVE-2001-1560 involves Win32k.sys (Graphics Device Interface, GDI) on Windows 2000/XP. The vulnerability arises when a local user calls the ShowWindow function after receiving a WM_NCCREATE message, enabling a local DoS (system crash). Documents consistently reference this by name and description...
CVE-2003-0010
The CVE-2003-0010 issue is a heap-based overflow in the Windows Script Engine (JsArrayFunctionHeapSort in JScript.dll) that can allow remote code execution via a malicious web page or HTML e-mail. Affected component is Windows Script Engine/JScript.dll; exploit arises from handling large array in...
CVE-2005-1218
CVE-2005-1218 describes a denial-of-service in the Microsoft Windows Remote Desktop Protocol (RDP) service affecting Windows 2000/XP/Server 2003. Root cause: an input-validation flaw in how RDP messages are processed, which could allow a remote attacker to crash the RDP service by sending a craft...
CVE-2007-1531
The CVE-2007-1531 issue affects Microsoft Windows XP and Vista where gratuitous ARP responses can overwrite ARP table entries, enabling a remote attacker on the local network to cause DoS by sending crafted ARP traffic to a Vista host. Connected sources document PoC-style ARP DoS exploits against...
CVE-2010-0807
CVE-2010-0807 affects Microsoft Internet Explorer 7 and is caused by improper handling of objects in memory when accessing a deleted object, leading to HTML Rendering Memory Corruption and remote code execution. The issue allows an attacker to run arbitrary code on a vulnerable machine, typically...
CVE-2011-0676
CVE-2011-0676 affects Windows kernel-mode drivers (notably win32k.sys) across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in the Win32k subsystem that allows local users t...
CVE-2011-1247
CVE-2011-1247 describes an untrusted search path vulnerability in the Microsoft Active Accessibility component that affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 RTM/SP1. The underlying flaw is insecure library loading (DLL l...
CVE-2012-0005
CVE-2012-0005 affects Microsoft Windows CSRSS in the Win32 subsystem (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2). The issue arises when processing Unicode characters for Chinese/Japanese/Korean locales, leading to uninitialized memory access and local privilege escalation. Exploitat...
CVE-2003-0711
CVE-2003-0711 describes a stack-based buffer overflow in the PCHealth-HSC (Help and Support Center) HCP URL handling on Windows XP and Windows Server 2003. The unchecked buffer in the HCP protocol-handling file allows remote code execution with SYSTEM/Local privileges when a user clicks a crafted...
CVE-2004-1305
CVE-2004-1305 refers to a denial-of-service vulnerability in the Windows kernel related to how animated cursor and icon formats are processed. The weakness, described in MS05-002 and related CERT advisories, can be triggered by specially crafted cursor/icon/ani files viewed via Web pages or email...
CVE-2005-0048
CVE-2005-0048 is a Windows IP stack vulnerability (IP Validation Vulnerability) that allows remote code execution or denial of service via crafted IP packets with malformed options. Affected products include Windows XP SP2 and earlier, Windows 2000 SP3/SP4, and Windows Server 2003. The root cause...
CVE-2005-1978
CAN-2005-1978 pertains to a COM+ vulnerability in Windows (MS04-era MS05-051 context) where the COM+ component creates/uses memory structures in a way that could allow remote code execution and local privilege escalation. The linked MS05-051 bulletin confirms affected platforms include Windows 20...
CVE-2006-0012
CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...
CVE-2006-0013
Mode C: Affected software and root cause: Microsoft Windows XP SP1/SP2 and Windows Server 2003 up to SP1 with the Web Client service (WebClnt.dll) are vulnerable. The issue is an unchecked buffer in the Web Client service that handles WebDAV/RPC messages, enabling remote code execution. Impact: a...
CVE-2006-0032
Microsoft Windows Indexing Service vulnerability (CVE-2006-0032) is a cross-site scripting flaw in the Indexing Service component of Windows 2000/XP/Server 2003 when Encoding is set to Auto Select. An attacker can craft a UTF-7 URL that is injected into an error message, potentially executing scr...
CVE-2009-1544
CVE-2009-1544 affects the Windows Workstation (wkssvc) service where improper memory handling during RPC processing (NetrGetJoinInformation) causes a double-free. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2 (Gold), Server 2008 (Gold/SP2). Impact per sources: remote authenticated ...
CVE-2010-0265
CVE-2010-0265 affects Windows Movie Maker (versions 2.1, 2.6, 6.0) and Microsoft Producer 2003. Root cause is a heap/buffer overflow in IsValidWMToolsStream() due to reusing a buffer with mismatched sizes, enabling remote code execution when a crafted .MSWMM file is opened. Microsoft addressed th...
CVE-2010-1255
CVE-2010-1255 maps to the Win32k TrueType Font Parsing Vulnerability in Windows kernel-mode driver win32k.sys. The issue concerns how glyph outline information is provided to user-mode applications, enabling local users to execute arbitrary code in kernel mode. Affected products include Windows 2...
CVE-2010-1896
CVE-2010-1896 corresponds to Win32k User Input Validation Vulnerability. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 (Gold/SP2). The flaw is in win32k.sys where user-mode input is not properly validated before kernel-mode ...
CVE-2010-2738
Microsoft Windows/Office Uniscribe (USP10.DLL) vulnerability CVE-2010-2738 involves improper validation of tables in OpenType fonts, leading to remote code execution via crafted web pages or Office documents. Affected components include USP10.DLL across Windows XP SP2/SP3, Server 2003 SP2, Vista ...
CVE-2011-3406
CVE-2011-3406 describes a buffer overflow in Microsoft Windows Active Directory, ADAM, and AD LDS that can allow a remote authenticated attacker to execute arbitrary code by sending a crafted LDAP query. Root cause: memory initialization issue in LDAP request handling. Affected products/versions ...
CVE-2012-0154
CVE-2012-0154 is a local Privilege Escalation in Windows kernel-mode driver win32k.sys (Keyboard Layout Use After Free). Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1. Root cause: use-after-free in keyboard layo...
CVE-2013-1344
CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...
CVE-2005-0058
CVE-2005-0058 describes a buffer overflow in the Windows Telephony API (TAPI) that can allow either remote code execution or local privilege elevation, depending on OS/version and configuration. Affected platforms include Windows 98/98 SE/ME, Windows 2000, Windows XP, and Windows Server 2003. The...
CVE-2005-0904
CVE-2005-0904 affects Windows XP SP1 Remote Desktop. The issue is that the system does not verify the setting “Force shutdown from a remote system,” which allows a remote attacker to shut down the host by executing TSShutdn.exe. The vulnerability details in the connected data confirm this behavio...
CVE-2006-1476
Windows Firewall in Microsoft Windows XP SP2 is affected by an issue where the firewall produces incorrect application block alerts when the application filename is “.exe” (no characters before the dot). This can enable local user-assisted actions to trick a user into unblocking a Trojan horse pr...
CVE-2006-2334
The CVE-2006-2334 issue affects the Windows NT kernel user-mode path conversion: the RtlDosPathNameToNtPathName_U API in NTDLL.DLL on Windows 2000 SP4 and XP SP2 mishandles DOS-style paths with trailing spaces, allowing context-dependent attackers to create files that aren’t accessible via the ex...
CVE-2006-6797
CVE-2006-6797 is a Windows CSRSS vulnerability where local users can cause a DoS crash or read arbitrary memory in csrss.exe by crafting arguments to NtRaiseHardError (status 0x50000018). It is tied to MS07-021 and attributed to improper CSRSS error message handling. Affected component: Client/Se...
CVE-2007-1206
CVE-2007-1206 describes a Windows Kernel local privilege elevation due to incorrect permissions on a mapped memory segment (PAGE_READWRITE) for a physical memory view, enabling an unprivileged user to modify the zero page and gain privileges. Affected systems include Windows NT 4.0; 2000 SP4; XP ...
CVE-2008-1083
CVE-2008-1083 describes a remote-code-execution vulnerability in the Windows GDI component. The flaw occurs in the CreateDIBPatternBrushPt function when parsing malformed EMF/WMF image headers, leading to a heap-based/integer overflow in GDI and potentially arbitrary code execution on affected sy...
CVE-2008-1087
CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...
CVE-2009-0230
CVE-2009-0230 : A remote authenticated elevation-of-privilege vulnerability in the Windows Print Spooler allowing an arbitrary DLL to be loaded via a crafted RPC message. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 SP2. Exploitation requires th...
CVE-2009-1928
The CVE-2009-1928 entry describes an LSASS Recursive Stack Overflow vulnerability that causes denial of service in Active Directory implementations. Affected software includes: Microsoft Windows 2000 Server SP4, Windows Server 2003 SP2, Windows Server 2008 (Gold and SP2) Active Directory; Active ...
CVE-2009-2519
CVE-2009-2519 describes a remote code execution vulnerability in the DHTML Editing Component ActiveX Control (triedit.dll) bundled with Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The flaw arises when formatting HTML markup, allowing a crafted web page viewed in Internet Explorer to trigge...
CVE-2010-1897
CVE-2010-1897 affects Windows kernel-mode drivers in win32k.sys across Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7. The vulnerability arises from improper validation of pseudo-handle values passed in callback parameters during Crea...
CVE-2011-1876
CVE-2011-1876 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) that allows local privilege escalation by abusing improper driver object management. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2...
CVE-2011-2011
The CVE-2011-2011 issue is a local privilege-escalation vulnerability in Windows kernel components, specifically Win32k.sys, affecting Windows XP, Server 2003, Vista, Server 2008/R2, and Windows 7 (Gold/SP1). Root cause: a use-after-free condition in win32k.sys due to incorrect driver object mana...