Windows Xp@- Security Vulnerabilities and Issues — Windows Xp@- CVE List

Lucene search

MicrosoftWindows Xp-

85 matches found

CVE•added 2011/10/12 2:52 a.m.•962 views

CVE-2011-2005

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerabili...

7.8CVSS6.2AI score0.59278EPSS

CVE•added 2011/04/13 6:55 p.m.•185 views

CVE-2011-0657

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a cr...

9.8CVSS7.6AI score0.49697EPSS

CVE•added 2011/11/08 9:55 p.m.•157 views

CVE-2011-2014

The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windo...

9CVSS6.2AI score0.07075EPSS

CVE•added 2011/10/12 2:52 a.m.•144 views

CVE-2011-2003

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library ...

9.3CVSS7.6AI score0.70736EPSS

CVE•added 2011/06/16 8:55 p.m.•89 views

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges v...

7.2CVSS6.3AI score0.22388EPSS

CVE•added 2011/04/13 6:55 p.m.•82 views

CVE-2011-0661

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a ...

10CVSS7.6AI score0.63002EPSS

CVE•added 2011/09/15 12:26 p.m.•78 views

CVE-2011-1991

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demons...

9.3CVSS6.6AI score0.40461EPSS

CVE•added 2011/07/13 10:55 p.m.•74 views

CVE-2011-1281

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a p...

7.2CVSS6.5AI score0.00773EPSS

CVE•added 2011/03/09 11:0 p.m.•70 views

CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Libra...

9.3CVSS6.3AI score0.34048EPSS

CVE•added 2011/12/14 12:55 a.m.•69 views

CVE-2011-3400

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."

9.3CVSS7.4AI score0.85207EPSS

CVE•added 2011/04/13 8:26 p.m.•66 views

CVE-2011-1231

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

8.4CVSS6.4AI score0.00702EPSS

CVE•added 2011/08/10 9:55 p.m.•65 views

CVE-2011-1967

Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process de...

7.2CVSS6.4AI score0.00214EPSS

CVE•added 2011/07/13 11:55 p.m.•64 views

CVE-2011-1885

7.2CVSS6.4AI score0.00914EPSS

CVE•added 2011/08/10 9:55 p.m.•64 views

CVE-2011-1974

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

7.2CVSS6.4AI score0.18854EPSS

CVE•added 2011/04/13 6:55 p.m.•63 views

CVE-2011-0034

Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary cod...

9.3CVSS8AI score0.46866EPSS

CVE•added 2011/04/13 8:26 p.m.•62 views

CVE-2011-1229

7.2CVSS6.4AI score0.00689EPSS

CVE•added 2011/10/12 2:52 a.m.•62 views

CVE-2011-1985

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of ser...

7.2CVSS6.4AI score0.06147EPSS

CVE•added 2011/04/13 6:55 p.m.•61 views

CVE-2011-0028

WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."

9.3CVSS7.5AI score0.54161EPSS

CVE•added 2011/07/13 11:55 p.m.•61 views

CVE-2011-1282

8.4CVSS6.6AI score0.01099EPSS

CVE•added 2011/04/13 6:55 p.m.•60 views

CVE-2010-3974

fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary co...

7.6CVSS7.5AI score0.4249EPSS

CVE•added 2011/02/09 1:0 a.m.•60 views

CVE-2011-0090

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.00669EPSS

CVE•added 2011/06/16 8:55 p.m.•60 views

CVE-2011-1268

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Pars...

10CVSS7.5AI score0.3709EPSS

CVE•added 2011/04/13 8:26 p.m.•59 views

CVE-2011-0676

7.8CVSS6.4AI score0.0092EPSS

CVE•added 2011/01/20 9:0 p.m.•58 views

CVE-2010-2743

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka...

7.2CVSS6.1AI score0.09012EPSS

CVE•added 2011/07/13 11:55 p.m.•58 views

CVE-2011-1876

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/12/14 12:55 a.m.•58 views

CVE-2011-3406

Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remo...

9CVSS7.5AI score0.41283EPSS

CVE•added 2011/10/12 2:52 a.m.•57 views

CVE-2011-2011

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages i...

7.2CVSS6.4AI score0.00425EPSS

CVE•added 2011/07/13 11:55 p.m.•56 views

CVE-2011-1880

7.2CVSS6.4AI score0.00914EPSS

CVE•added 2011/12/14 12:55 a.m.•56 views

CVE-2011-3397

The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."

9.3CVSS8AI score0.42611EPSS

CVE•added 2011/12/14 12:55 a.m.•56 views

CVE-2011-3408

Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process de...

7.2CVSS6.5AI score0.00237EPSS

CVE•added 2011/04/13 6:55 p.m.•55 views

CVE-2011-0662

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•55 views

CVE-2011-1238

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•55 views

CVE-2011-1284

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cau...

7.2CVSS6.8AI score0.01181EPSS

CVE•added 2011/04/13 8:26 p.m.•54 views

CVE-2011-0677

7.2CVSS6.4AI score0.00827EPSS

CVE•added 2011/07/13 11:55 p.m.•54 views

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect m...

7.2CVSS6.8AI score0.03122EPSS

CVE•added 2011/04/13 8:26 p.m.•53 views

CVE-2011-1230

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•53 views

CVE-2011-1242

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/10/12 2:52 a.m.•53 views

CVE-2011-1247

Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in th...

9.3CVSS6.4AI score0.18918EPSS

CVE•added 2011/06/16 8:55 p.m.•53 views

CVE-2011-1869

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted refe...

7.8CVSS6.5AI score0.34157EPSS

CVE•added 2011/07/13 11:55 p.m.•53 views

CVE-2011-1874

7.8CVSS6.4AI score0.01004EPSS

CVE•added 2011/04/13 6:55 p.m.•52 views

CVE-2011-0041

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

9.3CVSS7.6AI score0.7426EPSS

CVE•added 2011/04/13 8:26 p.m.•52 views

CVE-2011-1240

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/06/16 8:55 p.m.•51 views

CVE-2011-0658

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a ...

9.3CVSS7.5AI score0.31103EPSS

CVE•added 2011/04/13 6:55 p.m.•51 views

CVE-2011-0670

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0671

8.4CVSS6.5AI score0.01054EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0672

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-1227

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/07/13 11:55 p.m.•51 views

CVE-2011-1875

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•50 views

CVE-2011-0087

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validati...

7.2CVSS6.3AI score0.00751EPSS

CVE•added 2011/07/13 11:55 p.m.•50 views

CVE-2011-1881

8.4CVSS6.4AI score0.00759EPSS

Total number of security vulnerabilities85