Lucene search

K

81 matches found

CVE
CVE
added 2005/05/31 4:0 a.m.114 views

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they ap...

5CVSS6.2AI score0.86024EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.105 views

CVE-2004-0790

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0...

5CVSS7.5AI score0.79728EPSS
CVE
CVE
added 2005/11/16 7:37 a.m.97 views

CVE-2002-2132

Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

2.1CVSS6.8AI score0.00757EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.90 views

CVE-2005-2117

Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.

5.1CVSS7.2AI score0.61908EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.87 views

CVE-2005-1206

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

7.5CVSS7.8AI score0.57969EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.79 views

CVE-2002-2185

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from ...

4.9CVSS4.5AI score0.00377EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.78 views

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

5.1CVSS7.7AI score0.44287EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.72 views

CVE-2004-0571

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.

10CVSS7.6AI score0.26517EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.71 views

CVE-2004-0901

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different...

10CVSS7.5AI score0.26517EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.67 views

CVE-2005-0416

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

7.5CVSS7.6AI score0.47317EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.67 views

CVE-2005-2118

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explo...

5.1CVSS7.9AI score0.65565EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.65 views

CVE-2005-1208

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in ...

10CVSS7.9AI score0.44792EPSS
CVE
CVE
added 2005/10/13 10:2 a.m.64 views

CVE-2005-2120

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "" (backslash) characters in a registry key name, which triggers the overfl...

6.5CVSS7.5AI score0.73409EPSS
CVE
CVE
added 2005/12/28 7:3 p.m.64 views

CVE-2005-4560

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different ...

7.5CVSS7.1AI score0.90524EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.63 views

CVE-2005-1984

Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.

7.5CVSS7.7AI score0.31431EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.62 views

CVE-2004-0568

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Te...

10CVSS7.9AI score0.21954EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.62 views

CVE-2005-0045

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vu...

7.5CVSS7.6AI score0.80833EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.62 views

CVE-2005-1979

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.

5CVSS6.6AI score0.78938EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.61 views

CVE-2005-0059

Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.

10CVSS7.4AI score0.888EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.60 views

CVE-2004-2339

Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Admi...

8.4CVSS7.7AI score0.01309EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.60 views

CVE-2005-0044

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

7.5CVSS7.4AI score0.37835EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0053

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

7.5CVSS7.6AI score0.69598EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0063

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Mi...

7.5CVSS7.1AI score0.6734EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.59 views

CVE-2005-2119

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAl...

5CVSS6.2AI score0.58234EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.57 views

CVE-2005-1978

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

7.5CVSS7.2AI score0.35539EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.56 views

CVE-2004-0894

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.

7.2CVSS6.5AI score0.01951EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.56 views

CVE-2004-1305

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or ...

5CVSS6.5AI score0.77406EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.56 views

CVE-2004-1319

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstra...

5CVSS6.6AI score0.34428EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.55 views

CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

2.1CVSS6.6AI score0.00206EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.55 views

CVE-2004-0897

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

10CVSS8.1AI score0.55007EPSS
CVE
CVE
added 2005/01/10 5:0 a.m.54 views

CVE-2004-0893

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."

7.2CVSS6.6AI score0.01018EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0048

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

7.5CVSS7.6AI score0.54851EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.54 views

CVE-2005-0058

Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.

7.5CVSS7.4AI score0.22011EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0550

Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".

2.1CVSS6.4AI score0.00988EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.54 views

CVE-2005-1649

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a r...

5CVSS6.5AI score0.80794EPSS
CVE
CVE
added 2005/06/13 4:0 a.m.53 views

CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as de...

7.5CVSS7.9AI score0.89651EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.53 views

CVE-2005-1980

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed ...

5CVSS6.4AI score0.68138EPSS
CVE
CVE
added 2005/11/17 11:2 a.m.53 views

CVE-2005-3644

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, ...

7.8CVSS6.7AI score0.73409EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.52 views

CVE-2005-1983

Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.

10CVSS7.6AI score0.87815EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.51 views

CVE-2002-1932

Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.

7.5CVSS6.9AI score0.26443EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.51 views

CVE-2004-1361

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

5CVSS7.9AI score0.19594EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.50 views

CVE-2005-0047

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

7.2CVSS7.1AI score0.06563EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.50 views

CVE-2005-0904

Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.

2.1CVSS6.7AI score0.01006EPSS
CVE
CVE
added 2005/11/29 9:3 p.m.50 views

CVE-2005-2124

Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "...

7.6CVSS7.5AI score0.76596EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.50 views

CVE-2005-2126

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filen...

2.6CVSS6.7AI score0.61694EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.50 views

CVE-2005-2307

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

5CVSS6.2AI score0.40005EPSS
CVE
CVE
added 2005/08/04 4:0 a.m.49 views

CVE-2004-2289

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

10CVSS7.2AI score0.15055EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.49 views

CVE-2005-0061

The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

7.2CVSS6.5AI score0.02964EPSS
CVE
CVE
added 2005/11/29 9:3 p.m.49 views

CVE-2005-2123

Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as...

7.5CVSS7.6AI score0.63244EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.48 views

CVE-2004-1306

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

5.1CVSS8AI score0.50695EPSS
Total number of security vulnerabilities81