Lucene search

K
MicrosoftWindows Xp

278 matches found

CVE
CVE
added 2002/10/10 4:0 a.m.1067 views

CVE-2002-0370

Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 thr...

7.5CVSS7.9AI score0.32271EPSS
CVE
CVE
added 2013/11/28 12:55 a.m.1036 views

CVE-2013-5065

NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

7.8CVSS6.3AI score0.62653EPSS
CVE
CVE
added 2010/12/06 1:44 p.m.1004 views

CVE-2010-4398

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (...

7.8CVSS6.8AI score0.14487EPSS
CVE
CVE
added 2013/05/24 8:55 p.m.992 views

CVE-2013-3660

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next ob...

7.8CVSS6.5AI score0.67944EPSS
CVE
CVE
added 2010/01/21 7:30 p.m.984 views

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly va...

7.8CVSS6.2AI score0.73257EPSS
CVE
CVE
added 2011/10/12 2:52 a.m.961 views

CVE-2011-2005

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerabili...

7.8CVSS6.2AI score0.59278EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.947 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability...

7.8CVSS6.2AI score0.04402EPSS
CVE
CVE
added 2008/10/20 5:59 p.m.481 views

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

7.1CVSS8.8AI score0.00461EPSS
CVE
CVE
added 2017/06/15 8:29 p.m.308 views

CVE-2017-8461

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

7.8CVSS7.7AI score0.12528EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.248 views

CVE-2009-2524

Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a deni...

7.8CVSS6.5AI score0.46383EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.204 views

CVE-2003-0352

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

7.5CVSS7.5AI score0.89814EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.202 views

CVE-2003-0533

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute a...

7.5CVSS7.8AI score0.8878EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.154 views

CVE-2008-4114

srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is...

7.1CVSS7.4AI score0.82059EPSS
CVE
CVE
added 2011/12/30 1:55 a.m.125 views

CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which ...

7.8CVSS6.4AI score0.76674EPSS
CVE
CVE
added 2019/12/10 10:15 p.m.125 views

CVE-2019-1489

An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.

7.5CVSS7.4AI score0.05113EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.124 views

CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the...

7.8CVSS6.4AI score0.70368EPSS
CVE
CVE
added 2012/06/12 10:55 p.m.122 views

CVE-2012-0217

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft...

7.2CVSS6.3AI score0.88861EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.106 views

CVE-2010-0022

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows...

7.8CVSS6.3AI score0.79033EPSS
CVE
CVE
added 2012/05/09 12:55 a.m.103 views

CVE-2012-0181

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain pri...

7.2CVSS6.2AI score0.05275EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.99 views

CVE-2010-0021

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "...

7.1CVSS6.4AI score0.1244EPSS
CVE
CVE
added 2012/05/09 12:55 a.m.95 views

CVE-2012-0180

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (...

7.8CVSS6.2AI score0.01535EPSS
CVE
CVE
added 2004/03/03 5:0 a.m.94 views

CVE-2003-0818

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause...

7.5CVSS7.4AI score0.89651EPSS
CVE
CVE
added 2012/05/09 12:55 a.m.94 views

CVE-2012-1848

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local u...

7.2CVSS6.2AI score0.01724EPSS
CVE
CVE
added 2003/12/15 5:0 a.m.91 views

CVE-2003-0822

Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.

7.5CVSS7.4AI score0.89141EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.90 views

CVE-2004-0117

Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.

7.5CVSS7.8AI score0.41605EPSS
CVE
CVE
added 2011/06/16 8:55 p.m.89 views

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges v...

7.2CVSS6.3AI score0.22388EPSS
CVE
CVE
added 2002/03/08 5:0 a.m.88 views

CVE-2002-0053

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and ot...

7.5CVSS7.8AI score0.63395EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.87 views

CVE-2005-1206

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

7.5CVSS7.8AI score0.57969EPSS
CVE
CVE
added 2014/02/12 4:50 a.m.83 views

CVE-2014-0266

The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to by...

7.1CVSS6.3AI score0.3746EPSS
CVE
CVE
added 2010/09/07 6:0 p.m.80 views

CVE-2010-2739

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operati...

7.2CVSS7.6AI score0.00927EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.77 views

CVE-2003-0906

Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.

7.6CVSS7.9AI score0.45302EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.75 views

CVE-2003-0717

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

7.5CVSS7.9AI score0.79831EPSS
CVE
CVE
added 2007/06/06 9:30 p.m.75 views

CVE-2007-3091

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of ...

7.1CVSS7.2AI score0.18448EPSS
CVE
CVE
added 2002/09/24 4:0 a.m.74 views

CVE-2002-0724

Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buff...

7.5CVSS6.5AI score0.40265EPSS
CVE
CVE
added 2011/07/13 10:55 p.m.74 views

CVE-2011-1281

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a p...

7.2CVSS6.5AI score0.00773EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.73 views

CVE-2006-1314

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size r...

7.5CVSS7.8AI score0.76532EPSS
CVE
CVE
added 2013/07/10 3:46 a.m.73 views

CVE-2013-1345

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privi...

7.2CVSS6.3AI score0.03291EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.72 views

CVE-2003-0345

Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.

7.5CVSS8.1AI score0.46218EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.72 views

CVE-2006-2370

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corrupti...

7.5CVSS9.7AI score0.79591EPSS
CVE
CVE
added 2007/10/09 10:17 p.m.72 views

CVE-2007-2228

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via a...

7.8CVSS6.4AI score0.71221EPSS
CVE
CVE
added 2013/02/13 12:4 p.m.72 views

CVE-2013-1278

Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverage...

7.4CVSS6.2AI score0.00489EPSS
CVE
CVE
added 2013/11/18 3:55 a.m.72 views

CVE-2013-3876

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which all...

7.1CVSS6.2AI score0.02855EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.71 views

CVE-2001-0876

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.

7.5CVSS7.7AI score0.81678EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.71 views

CVE-2003-0806

Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.

7.5CVSS7.9AI score0.491EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.71 views

CVE-2004-0206

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," poss...

7.5CVSS7.5AI score0.80399EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.71 views

CVE-2010-1895

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vu...

7.2CVSS6.2AI score0.01635EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.70 views

CVE-2003-0719

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT ...

7.5CVSS7.8AI score0.70967EPSS
CVE
CVE
added 2014/03/12 5:15 a.m.69 views

CVE-2014-0300

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a ...

7.2CVSS6.4AI score0.00612EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.67 views

CVE-2005-0416

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

7.5CVSS7.6AI score0.47317EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.67 views

CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute...

7.8CVSS6.7AI score0.00965EPSS
Total number of security vulnerabilities278