Lucene search

K
MicrosoftWindows Xp

72 matches found

CVE
CVE
added 2004/08/18 4:0 a.m.748 views

CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

5CVSS9.1AI score0.11484EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.148 views

CVE-2002-1561

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

5CVSS6.6AI score0.60671EPSS
CVE
CVE
added 2013/11/13 12:55 a.m.145 views

CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service r...

5CVSS6.5AI score0.0806EPSS
CVE
CVE
added 2007/06/27 5:30 p.m.129 views

CVE-2006-7210

Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

5CVSS6.8AI score0.3106EPSS
CVE
CVE
added 2005/05/31 4:0 a.m.114 views

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they ap...

5CVSS6.2AI score0.86024EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.105 views

CVE-2004-0790

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0...

5CVSS7.5AI score0.79728EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.97 views

CVE-2004-0120

The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.

5CVSS7.2AI score0.78487EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.90 views

CVE-2005-2117

Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.

5.1CVSS7.2AI score0.61908EPSS
CVE
CVE
added 2003/10/20 4:0 a.m.88 views

CVE-2003-0661

The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.

5CVSS6.3AI score0.238EPSS
CVE
CVE
added 2014/03/12 5:15 a.m.82 views

CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for r...

5.4CVSS6.5AI score0.09151EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.78 views

CVE-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

5.1CVSS7.7AI score0.44287EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.74 views

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX re...

5CVSS6.2AI score0.40008EPSS
CVE
CVE
added 2009/04/15 8:0 a.m.71 views

CVE-2009-0089

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate ma...

5.8CVSS6.5AI score0.12911EPSS
CVE
CVE
added 2002/10/11 4:0 a.m.69 views

CVE-2002-0863

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

5CVSS6.5AI score0.09512EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.67 views

CVE-2002-0864

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

5CVSS6.5AI score0.20876EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.67 views

CVE-2005-2118

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explo...

5.1CVSS7.9AI score0.65565EPSS
CVE
CVE
added 2006/05/10 2:14 a.m.67 views

CVE-2006-1184

Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range me...

5CVSS6.3AI score0.58234EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.65 views

CVE-2001-0877

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed S...

5CVSS6.5AI score0.58991EPSS
CVE
CVE
added 2012/08/15 1:55 a.m.63 views

CVE-2012-1850

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote a...

5CVSS6.6AI score0.60252EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.62 views

CVE-2002-0057

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

5CVSS6.4AI score0.41761EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.62 views

CVE-2005-1979

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.

5CVSS6.6AI score0.78938EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.61 views

CVE-2002-0055

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

5CVSS6.7AI score0.48421EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.61 views

CVE-2002-1325

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

5CVSS6.4AI score0.05682EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.61 views

CVE-2004-0202

IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

5CVSS6.4AI score0.29468EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.61 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of i...

5CVSS6.7AI score0.54363EPSS
CVE
CVE
added 2006/10/10 10:7 p.m.60 views

CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line ...

5.1CVSS7.8AI score0.63983EPSS
CVE
CVE
added 2003/12/15 5:0 a.m.59 views

CVE-2003-0824

Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.

5CVSS6.4AI score0.39523EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.59 views

CVE-2005-2119

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAl...

5CVSS6.2AI score0.58234EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.58 views

CVE-2003-0907

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

5.1CVSS7.8AI score0.42335EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.57 views

CVE-2003-0813

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a dif...

5.1CVSS6.5AI score0.89814EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.56 views

CVE-2004-1305

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or ...

5CVSS6.5AI score0.77406EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.56 views

CVE-2004-1319

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstra...

5CVSS6.6AI score0.34428EPSS
CVE
CVE
added 2002/12/23 5:0 a.m.55 views

CVE-2002-1258

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.

5CVSS6.8AI score0.01796EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.54 views

CVE-2005-1649

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a r...

5CVSS6.5AI score0.80794EPSS
CVE
CVE
added 2001/12/06 5:0 a.m.53 views

CVE-2001-0721

Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.

5CVSS7AI score0.19067EPSS
CVE
CVE
added 2002/05/31 4:0 a.m.53 views

CVE-2002-0283

Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.

5CVSS7.1AI score0.03445EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.53 views

CVE-2003-0807

Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.

5CVSS6.7AI score0.38004EPSS
CVE
CVE
added 2005/10/12 1:4 p.m.53 views

CVE-2005-1980

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed ...

5CVSS6.4AI score0.68138EPSS
CVE
CVE
added 2007/03/20 8:19 p.m.53 views

CVE-2007-1531

Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

5CVSS6.3AI score0.49398EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.52 views

CVE-2001-0879

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

5CVSS7AI score0.10185EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.51 views

CVE-2004-1043

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as d...

5CVSS7.4AI score0.7018EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.51 views

CVE-2004-1361

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

5CVSS7.9AI score0.19594EPSS
CVE
CVE
added 2008/06/12 2:32 a.m.51 views

CVE-2008-1441

Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."

5.4CVSS6.3AI score0.57393EPSS
CVE
CVE
added 2005/07/19 4:0 a.m.50 views

CVE-2005-2307

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

5CVSS6.2AI score0.40005EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.49 views

CVE-2002-1256

The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying gro...

5CVSS6.1AI score0.20431EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.49 views

CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, ...

5CVSS7.4AI score0.38826EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.48 views

CVE-2004-1306

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

5.1CVSS8AI score0.50695EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

5CVSS6.8AI score0.10269EPSS
CVE
CVE
added 2006/04/03 10:4 a.m.48 views

CVE-2006-1591

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

5.1CVSS7.8AI score0.28999EPSS
CVE
CVE
added 2006/11/14 10:7 p.m.48 views

CVE-2006-4689

Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerabili...

5CVSS6.6AI score0.62562EPSS
Total number of security vulnerabilities72