Lucene search

K
MicrosoftWindows Xp

23 matches found

CVE
CVE
added 2005/11/16 7:37 a.m.97 views

CVE-2002-2132

Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

2.1CVSS6.8AI score0.00757EPSS
CVE
CVE
added 2006/03/29 1:6 a.m.59 views

CVE-2006-1476

Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious "....

2.6CVSS6.2AI score0.17199EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.55 views

CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

2.1CVSS6.6AI score0.00206EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.55 views

CVE-2004-0207

"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs...

2.1CVSS6.5AI score0.01588EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0550

Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".

2.1CVSS6.4AI score0.00988EPSS
CVE
CVE
added 2006/10/31 1:7 a.m.54 views

CVE-2006-5614

Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.

2.6CVSS6.6AI score0.88425EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.50 views

CVE-2005-0904

Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.

2.1CVSS6.7AI score0.01006EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.50 views

CVE-2005-2126

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filen...

2.6CVSS6.7AI score0.61694EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.49 views

CVE-2011-1886

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validation ...

2.1CVSS5.9AI score0.00399EPSS
CVE
CVE
added 2006/08/10 1:4 a.m.48 views

CVE-2006-4071

Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.

2.6CVSS6.4AI score0.22839EPSS
CVE
CVE
added 2006/05/12 12:2 a.m.47 views

CVE-2006-2334

The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or p...

2.1CVSS6.5AI score0.02858EPSS
CVE
CVE
added 2006/02/01 8:0 p.m.46 views

CVE-2005-4696

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

2.1CVSS6.8AI score0.0531EPSS
CVE
CVE
added 2007/07/12 4:30 p.m.45 views

CVE-2007-3724

The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allow...

2.1CVSS6.1AI score0.00263EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.43 views

CVE-2004-0124

The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

2.6CVSS6.5AI score0.36362EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.42 views

CVE-2001-1570

Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.

2.1CVSS6.7AI score0.00283EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.42 views

CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

2.1CVSS6.9AI score0.01101EPSS
CVE
CVE
added 2005/08/05 4:0 a.m.41 views

CVE-2002-2105

Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.

2.1CVSS6.5AI score0.00392EPSS
CVE
CVE
added 2006/02/01 2:2 a.m.41 views

CVE-2006-0488

The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.

2.1CVSS6.2AI score0.01421EPSS
CVE
CVE
added 2006/03/29 1:6 a.m.41 views

CVE-2006-1475

Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windo...

2.1CVSS6.2AI score0.0038EPSS
CVE
CVE
added 2006/02/01 8:0 p.m.40 views

CVE-2005-4697

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.

2.1CVSS6.7AI score0.01258EPSS
CVE
CVE
added 2005/09/01 10:3 p.m.39 views

CVE-2005-2765

The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the...

2.1CVSS6.8AI score0.00399EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.38 views

CVE-2004-2365

Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.

2.1CVSS6.6AI score0.00237EPSS
CVE
CVE
added 2006/08/10 12:4 a.m.36 views

CVE-2006-4066

The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messen...

2.6CVSS6.8AI score0.22263EPSS