Lucene search

K

367 matches found

CVE
CVE
added 2010/07/22 10:0 a.m.1617 views

CVE-2010-2568

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explor...

9.3CVSS7.7AI score0.93296EPSS
CVE
CVE
added 2012/04/10 9:55 p.m.1057 views

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE...

9.3CVSS5.8AI score0.88546EPSS
CVE
CVE
added 2013/11/28 12:55 a.m.1036 views

CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

7.8CVSS6.3AI score0.62653EPSS
CVE
CVE
added 2010/12/06 1:44 p.m.1004 views

CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (...

7.8CVSS6.8AI score0.14487EPSS
CVE
CVE
added 2013/05/24 8:55 p.m.992 views

CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next ob...

7.8CVSS6.5AI score0.67944EPSS
CVE
CVE
added 2010/01/21 7:30 p.m.984 views

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly va...

7.8CVSS6.2AI score0.73257EPSS
CVE
CVE
added 2011/10/12 2:52 a.m.961 views

CVE-2011-2005

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerabili...

7.8CVSS6.2AI score0.59278EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.947 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability...

7.8CVSS6.2AI score0.04402EPSS
CVE
CVE
added 2004/08/18 4:0 a.m.748 views

CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

5CVSS9.1AI score0.11484EPSS
CVE
CVE
added 2008/10/23 10:0 p.m.525 views

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by...

10CVSS9.5AI score0.94126EPSS
CVE
CVE
added 2008/10/20 5:59 p.m.481 views

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

7.1CVSS8.8AI score0.00461EPSS
CVE
CVE
added 2017/06/15 8:29 p.m.308 views

CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

7.8CVSS7.7AI score0.12528EPSS
CVE
CVE
added 2012/03/13 9:55 p.m.303 views

CVE-2012-0002

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code ...

9.3CVSS9.5AI score0.87223EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.248 views

CVE-2009-2524

Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a deni...

7.8CVSS6.5AI score0.46383EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.212 views

CVE-2013-0810

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."

9.3CVSS7.7AI score0.83288EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.185 views

CVE-2011-0657

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a cr...

9.8CVSS7.6AI score0.49697EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.174 views

CVE-2010-0480

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stac...

9.3CVSS7.5AI score0.81749EPSS
CVE
CVE
added 2012/08/15 1:55 a.m.163 views

CVE-2012-1851

Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler ...

10CVSS7.5AI score0.67848EPSS
CVE
CVE
added 2010/03/10 10:30 p.m.158 views

CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, a...

9.3CVSS7.3AI score0.91165EPSS
CVE
CVE
added 2011/11/08 9:55 p.m.157 views

CVE-2011-2014

The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windo...

9CVSS6.2AI score0.07075EPSS
CVE
CVE
added 2012/01/10 9:55 p.m.154 views

CVE-2012-0004

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, ...

9.3CVSS8AI score0.5796EPSS
CVE
CVE
added 2013/01/09 6:9 p.m.154 views

CVE-2013-0007

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."

9.3CVSS7.5AI score0.26376EPSS
CVE
CVE
added 2013/10/09 2:53 p.m.152 views

CVE-2013-3128

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary...

9.3CVSS7.3AI score0.52356EPSS
CVE
CVE
added 2014/04/08 11:55 p.m.150 views

CVE-2014-0315

Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Tr...

6.9CVSS6.3AI score0.2964EPSS
CVE
CVE
added 2012/11/14 12:55 a.m.148 views

CVE-2012-1527

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefca...

9.3CVSS6.4AI score0.46648EPSS
CVE
CVE
added 2013/11/13 12:55 a.m.145 views

CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service r...

5CVSS6.5AI score0.0806EPSS
CVE
CVE
added 2011/10/12 2:52 a.m.144 views

CVE-2011-2003

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library ...

9.3CVSS7.6AI score0.70736EPSS
CVE
CVE
added 2012/08/15 1:55 a.m.143 views

CVE-2012-1852

Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerabil...

10CVSS8.2AI score0.62065EPSS
CVE
CVE
added 2013/02/13 12:4 p.m.142 views

CVE-2013-0077

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerabili...

9.3CVSS7.5AI score0.51863EPSS
CVE
CVE
added 2012/07/10 9:55 p.m.135 views

CVE-2012-0175

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."

9.3CVSS7.8AI score0.47895EPSS
CVE
CVE
added 2013/11/12 2:35 p.m.135 views

CVE-2013-3918

The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote...

9.3CVSS7.5AI score0.86881EPSS
CVE
CVE
added 2012/12/12 12:55 a.m.133 views

CVE-2012-4774

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destina...

9.3CVSS7.5AI score0.54161EPSS
CVE
CVE
added 2013/12/11 12:55 a.m.133 views

CVE-2013-5056

Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote...

9.3CVSS7.3AI score0.37484EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.132 views

CVE-2010-0020

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to e...

9CVSS7.1AI score0.39978EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.132 views

CVE-2010-0028

Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."

9.3CVSS7.7AI score0.69314EPSS
CVE
CVE
added 2010/09/15 7:0 p.m.127 views

CVE-2010-2729

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create fi...

9.3CVSS9.2AI score0.79463EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.125 views

CVE-2019-1489

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.

7.5CVSS7.4AI score0.05113EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.123 views

CVE-2010-0231

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain ac...

10CVSS9AI score0.51842EPSS
CVE
CVE
added 2010/12/16 7:33 p.m.122 views

CVE-2010-3956

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTy...

9.3CVSS6.3AI score0.404EPSS
CVE
CVE
added 2012/11/14 12:55 a.m.121 views

CVE-2012-1528

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcas...

9.3CVSS6.6AI score0.46648EPSS
CVE
CVE
added 2008/09/11 1:1 a.m.114 views

CVE-2007-5348

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 20...

9.3CVSS8AI score0.76417EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.113 views

CVE-2010-2550

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SM...

10CVSS9.3AI score0.81407EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.108 views

CVE-2009-2507

A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corr...

9.3CVSS7.1AI score0.46104EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.106 views

CVE-2010-0022

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows...

7.8CVSS6.3AI score0.79033EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.103 views

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3)...

9.3CVSS9.4AI score0.41906EPSS
CVE
CVE
added 2013/07/10 3:46 a.m.103 views

CVE-2013-3174

DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vuln...

9.3CVSS7.4AI score0.18461EPSS
CVE
CVE
added 2013/01/09 6:9 p.m.101 views

CVE-2013-0006

Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."

9.3CVSS7.5AI score0.59737EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.100 views

CVE-2009-1930

The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection ...

10CVSS7.5AI score0.46181EPSS
CVE
CVE
added 2009/07/07 11:30 p.m.99 views

CVE-2008-0020

Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2...

9.3CVSS7.4AI score0.84093EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.99 views

CVE-2010-0021

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "...

7.1CVSS6.4AI score0.1244EPSS
Total number of security vulnerabilities367