663 matches found
CVE-2013-3879
Win32k Use After Free Vulnerability (CVE-2013-3879): a local privilege-escalation in the win32k.sys kernel-mode driver affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, and RT. Root cause: use-after-free in memory object handling within the W...
CVE-2010-3940
CVE-2010-3940 is a Windows kernel-mode driver (win32k.sys) vulnerability described as a double-free in the Win32k PFE pointer handling that could allow local privilege elevation. Affected platforms include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Go...
CVE-2011-0028
CVE-2011-0028 concerns a vulnerability in Microsoft WordPad Text Converters used by WordPad on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is an error in the WordPad converter that fails to correctly parse certain Word document fields (notably sprmTTextFlow and sprmTSplit), all...
CVE-2011-1247
CVE-2011-1247 describes an untrusted search path vulnerability in the Microsoft Active Accessibility component that affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 RTM/SP1. The underlying flaw is insecure library loading (DLL l...
CVE-2011-3408
CVE-2011-3408 describes a local privilege-escalation vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS). Csrsrv.dll in CSRSS fails to properly check permissions when a lower-integrity process sends inter-process device-event messages to a higher-integrity process, allowing a lo...
CVE-2012-0001
CVE-2012-0001 details (Windows kernel SafeSEH bypass). The vulnerability arises from the kernel’s improper loading of structured exception handling (SEH) tables in Windows XP SP2, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, and Windows 7 SP1. This allows context-dependent attackers to ...
CVE-2012-1865
CVE-2012-1865 affects Microsoft Windows kernel- mode drivers (notably win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause, as described in the CVE entry, is that user-mode input passed to kernel mode for driver ob...
CVE-2013-1255
The CVE-2013-1255 entry describes a race condition in the win32k.sys kernel-mode driver that allows local privilege elevation and reading of arbitrary kernel memory. Affected are: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 Gold/SP...
CVE-2013-1341
CVE-2013-1341 affects the Windows kernel component win32k.sys (kernel-mode drivers) and allows local privilege escalation via a crafted application on several Windows families. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8. Root cause: ...
CVE-2013-3173
CVE-2013-3173 corresponds to the Win32k.sys kernel-mode driver buffer overflow vulnerability (Win32k Buffer Overwrite Vulnerability) that allows local privilege escalation on affected Windows versions. Documents reference Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008/R2 SP1, 7 SP1, ...
CVE-2003-0659
CVE-2003-0659 describes a buffer-overflow in a function used by the Windows ListBox and ComboBox controls (User32.dll) that can be triggered by crafted Windows messages (LB_DIR/CB_DIR). This local, interactive vulnerability could allow an attacker who can log on to execute arbitrary code with the...
CVE-2004-0207
CVE-2004-0207 is a local privilege-elevation vulnerability in the Windows Window Management APIs (SetWindowLong/SetWindowLongPtr) that could let a logged-on user change properties of higher-privileged processes and gain full control of the system. Affected Windows platforms include Windows 98, NT...
CVE-2004-1305
CVE-2004-1305 refers to a denial-of-service vulnerability in the Windows kernel related to how animated cursor and icon formats are processed. The weakness, described in MS05-002 and related CERT advisories, can be triggered by specially crafted cursor/icon/ani files viewed via Web pages or email...
CVE-2006-0012
CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...
CVE-2008-1087
CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...
CVE-2009-1126
CVE-2009-1126 corresponds to the Windows Desktop Parameter Edit Vulnerability. Affected products are Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. The kernel fails to properly validate user-mode input when editing a specific desktop parameter, enabling a local attacker to execute cod...
CVE-2009-3675
CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...
CVE-2010-1896
CVE-2010-1896 corresponds to Win32k User Input Validation Vulnerability. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 (Gold/SP2). The flaw is in win32k.sys where user-mode input is not properly validated before kernel-mode ...
CVE-2010-2738
Microsoft Windows/Office Uniscribe (USP10.DLL) vulnerability CVE-2010-2738 involves improper validation of tables in OpenType fonts, leading to remote code execution via crafted web pages or Office documents. Affected components include USP10.DLL across Windows XP SP2/SP3, Server 2003 SP2, Vista ...
CVE-2011-0662
CVE-2011-0662 is a Win32k.sys use-after-free vulnerability in Windows kernel-mode drivers that allows a local user to escalate privileges via a crafted application, due to incorrect driver object management. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2,...
CVE-2011-1268
CVE-2011-1268 affects the SMB client in various Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The issue is a remote code execution flaw caused by improper parsing of crafted SMB responses (SMBv1 or SMBv2), allowing an attacker to execute ar...
CVE-2001-1560
CVE-2001-1560 involves Win32k.sys (Graphics Device Interface, GDI) on Windows 2000/XP. The vulnerability arises when a local user calls the ShowWindow function after receiving a WM_NCCREATE message, enabling a local DoS (system crash). Documents consistently reference this by name and description...
CVE-2005-0048
CVE-2005-0048 is a Windows IP stack vulnerability (IP Validation Vulnerability) that allows remote code execution or denial of service via crafted IP packets with malformed options. Affected products include Windows XP SP2 and earlier, Windows 2000 SP3/SP4, and Windows Server 2003. The root cause...
CVE-2005-0058
CVE-2005-0058 describes a buffer overflow in the Windows Telephony API (TAPI) that can allow either remote code execution or local privilege elevation, depending on OS/version and configuration. Affected platforms include Windows 98/98 SE/ME, Windows 2000, Windows XP, and Windows Server 2003. The...
CVE-2005-1218
CVE-2005-1218 describes a denial-of-service in the Microsoft Windows Remote Desktop Protocol (RDP) service affecting Windows 2000/XP/Server 2003. Root cause: an input-validation flaw in how RDP messages are processed, which could allow a remote attacker to crash the RDP service by sending a craft...
CVE-2005-1978
CAN-2005-1978 pertains to a COM+ vulnerability in Windows (MS04-era MS05-051 context) where the COM+ component creates/uses memory structures in a way that could allow remote code execution and local privilege escalation. The linked MS05-051 bulletin confirms affected platforms include Windows 20...
CVE-2006-0013
Mode C: Affected software and root cause: Microsoft Windows XP SP1/SP2 and Windows Server 2003 up to SP1 with the Web Client service (WebClnt.dll) are vulnerable. The issue is an unchecked buffer in the Web Client service that handles WebDAV/RPC messages, enabling remote code execution. Impact: a...
CVE-2006-0032
Microsoft Windows Indexing Service vulnerability (CVE-2006-0032) is a cross-site scripting flaw in the Indexing Service component of Windows 2000/XP/Server 2003 when Encoding is set to Auto Select. An attacker can craft a UTF-7 URL that is injected into an error message, potentially executing scr...
CVE-2007-1206
CVE-2007-1206 describes a Windows Kernel local privilege elevation due to incorrect permissions on a mapped memory segment (PAGE_READWRITE) for a physical memory view, enabling an unprivileged user to modify the zero page and gain privileges. Affected systems include Windows NT 4.0; 2000 SP4; XP ...
CVE-2007-1531
The CVE-2007-1531 issue affects Microsoft Windows XP and Vista where gratuitous ARP responses can overwrite ARP table entries, enabling a remote attacker on the local network to cause DoS by sending crafted ARP traffic to a Vista host. Connected sources document PoC-style ARP DoS exploits against...
CVE-2009-0230
CVE-2009-0230 : A remote authenticated elevation-of-privilege vulnerability in the Windows Print Spooler allowing an arbitrary DLL to be loaded via a crafted RPC message. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 SP2. Exploitation requires th...
CVE-2010-0265
CVE-2010-0265 affects Windows Movie Maker (versions 2.1, 2.6, 6.0) and Microsoft Producer 2003. Root cause is a heap/buffer overflow in IsValidWMToolsStream() due to reusing a buffer with mismatched sizes, enabling remote code execution when a crafted .MSWMM file is opened. Microsoft addressed th...
CVE-2010-0807
CVE-2010-0807 affects Microsoft Internet Explorer 7 and is caused by improper handling of objects in memory when accessing a deleted object, leading to HTML Rendering Memory Corruption and remote code execution. The issue allows an attacker to run arbitrary code on a vulnerable machine, typically...
CVE-2010-1897
CVE-2010-1897 affects Windows kernel-mode drivers in win32k.sys across Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7. The vulnerability arises from improper validation of pseudo-handle values passed in callback parameters during Crea...
CVE-2011-0676
CVE-2011-0676 affects Windows kernel-mode drivers (notably win32k.sys) across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in the Win32k subsystem that allows local users t...
CVE-2011-1876
CVE-2011-1876 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) that allows local privilege escalation by abusing improper driver object management. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2...
CVE-2011-2011
The CVE-2011-2011 issue is a local privilege-escalation vulnerability in Windows kernel components, specifically Win32k.sys, affecting Windows XP, Server 2003, Vista, Server 2008/R2, and Windows 7 (Gold/SP1). Root cause: a use-after-free condition in win32k.sys due to incorrect driver object mana...
CVE-2011-3406
CVE-2011-3406 describes a buffer overflow in Microsoft Windows Active Directory, ADAM, and AD LDS that can allow a remote authenticated attacker to execute arbitrary code by sending a crafted LDAP query. Root cause: memory initialization issue in LDAP request handling. Affected products/versions ...
CVE-2012-0005
CVE-2012-0005 affects Microsoft Windows CSRSS in the Win32 subsystem (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2). The issue arises when processing Unicode characters for Chinese/Japanese/Korean locales, leading to uninitialized memory access and local privilege escalation. Exploitat...
CVE-2013-1344
CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...
CVE-2003-0711
CVE-2003-0711 describes a stack-based buffer overflow in the PCHealth-HSC (Help and Support Center) HCP URL handling on Windows XP and Windows Server 2003. The unchecked buffer in the HCP protocol-handling file allows remote code execution with SYSTEM/Local privileges when a user clicks a crafted...
CVE-2008-1083
CVE-2008-1083 describes a remote-code-execution vulnerability in the Windows GDI component. The flaw occurs in the CreateDIBPatternBrushPt function when parsing malformed EMF/WMF image headers, leading to a heap-based/integer overflow in GDI and potentially arbitrary code execution on affected sy...
CVE-2009-1544
CVE-2009-1544 affects the Windows Workstation (wkssvc) service where improper memory handling during RPC processing (NetrGetJoinInformation) causes a double-free. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2 (Gold), Server 2008 (Gold/SP2). Impact per sources: remote authenticated ...
CVE-2009-2519
CVE-2009-2519 describes a remote code execution vulnerability in the DHTML Editing Component ActiveX Control (triedit.dll) bundled with Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The flaw arises when formatting HTML markup, allowing a crafted web page viewed in Internet Explorer to trigge...
CVE-2010-1255
CVE-2010-1255 maps to the Win32k TrueType Font Parsing Vulnerability in Windows kernel-mode driver win32k.sys. The issue concerns how glyph outline information is provided to user-mode applications, enabling local users to execute arbitrary code in kernel mode. Affected products include Windows 2...
CVE-2010-1894
Win32k Exception Handling Vulnerability (CVE-2010-1894) affects Windows XP SP2/SP3 and Windows Server 2003 SP2 via win32k.sys. Description: the kernel-mode driver does not properly handle certain exceptions, enabling local privilege escalation by a crafted application. Impact: attacker could exec...
CVE-2011-1880
CVE-2011-1880 affects Windows kernel-mode drivers, specifically Win32k.sys, across multiple OS versions (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold SP2/R2 and R2 SP1, Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in Win32k....
CVE-2011-3397
This CVE affects the Microsoft Windows Time component (DATIME.DLL) on Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability allows remote code execution via a crafted web page that leverages an unspecified binary behavior in Internet Explorer. The issue is documented as CVE-2011-3397 ...
CVE-2012-0154
CVE-2012-0154 is a local Privilege Escalation in Windows kernel-mode driver win32k.sys (Keyboard Layout Use After Free). Affected: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1. Root cause: use-after-free in keyboard layo...
CVE-2005-0904
CVE-2005-0904 affects Windows XP SP1 Remote Desktop. The issue is that the system does not verify the setting “Force shutdown from a remote system,” which allows a remote attacker to shut down the host by executing TSShutdn.exe. The vulnerability details in the connected data confirm this behavio...