Lucene search
K
MicrosoftWindows-nt

15 matches found

CVE
CVE
added 2008/09/10 3:0 p.m.137 views

CVE-2007-5348

The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...

9.3CVSS8AI score0.52886EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.103 views

CVE-2008-3014

CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...

9.3CVSS7.8AI score0.36722EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.85 views

CVE-2008-3012

CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...

9.3CVSS7.7AI score0.31037EPSS
CVE
CVE
added 2008/04/21 5:0 p.m.79 views

CVE-2008-1436

The CVE-2008-1436 entry describes a privilege-escalation token kidnapping issue in Windows where improper handling of SeImpersonatePrivilege could allow a context-dependant attacker to gain LocalSystem privileges by coordinating between two service processes. Public details in connected MS bullet...

9CVSS6.5AI score0.36829EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.74 views

CVE-2008-3008

CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...

9.3CVSS7.6AI score0.54553EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.69 views

CVE-2008-1087

CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...

9.3CVSS7.8AI score0.56603EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.68 views

CVE-2008-1435

CVE-2008-1435 (Windows Saved Search Vulnerability) affects Windows Vista (up to SP1) and Windows Server 2008. A remote code execution flaw arises when saving crafted saved-search (.search-ms) files, due to insecure parsing/handling by Windows Explorer. Exploitation requires a user to open and sav...

9.3CVSS6.9AI score0.28561EPSS
CVE
CVE
added 2008/08/13 10:0 a.m.66 views

CVE-2008-1457

CVE-2008-1457 describes a remote code execution vulnerability in the Microsoft Windows Event System. The flaw occurs when creating per-user subscriptions, allowing an attacker with valid logon credentials to craft a subscription request that could run arbitrary code with system privileges. Affect...

9CVSS7AI score0.36269EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.64 views

CVE-2006-0005

The CVE-2006-0005 vulnerability is a buffer overflow in the Windows Media Player plug-in (npdsplay.dll) used by non‑Microsoft browsers. When a user views HTML containing an EMBED tag with a long src attribute, it may allow remote code execution in the user’s context. Affected software includes Wi...

9.3CVSS7.4AI score0.43861EPSS
Web
CVE
CVE
added 2008/08/13 10:0 a.m.61 views

CVE-2008-1456

CVE-2008-1456 describes a remote code execution vulnerability in the Windows Event System caused by improper validation when indexing an array of function pointers. Affected products include Windows 2000 SP4, XP (SP2/SP3), Server 2003 (SP1/SP2), Vista (initial and SP1), and Server 2008. The issue...

9CVSS7AI score0.28018EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.59 views

CVE-2008-1086

The CVE-2008-1086 issue concerns the hxvz.dll ActiveX control (HxTocCtrl) used by Microsoft Help 2.5 and exposed in Internet Explorer on Windows XP SP2, Server 2003 SP1/SP2, Vista SP1, and Server 2008. The vulnerability is a memory corruption flaw triggered by malformed arguments to the ActiveX c...

9.3CVSS7.4AI score0.30543EPSS
Web
CVE
CVE
added 2008/06/12 1:30 a.m.59 views

CVE-2008-1445

CVE-2008-1445 corresponds to a denial-of-service vulnerability in Active Directory affecting Windows 2000 Server SP4, Windows XP Professional SP2/SP3, Windows Server 2003 SP1/SP2, and Windows Server 2008. The issue arises from insufficient validation of specially crafted LDAP requests, allowing r...

7.1CVSS6AI score0.27144EPSS
CVE
CVE
added 2008/06/12 1:30 a.m.59 views

CVE-2008-1453

The CVE-2008-1453 issue affects the Windows Bluetooth stack in Windows XP SP2/SP3 and Windows Vista SP1. It arises from how the Bluetooth stack handles a large number of Service Description Protocol (SDP) requests, allowing physically proximate attackers to execute arbitrary code and potentially ...

8.3CVSS7.2AI score0.02387EPSS
CVE
CVE
added 2008/08/13 12:0 a.m.50 views

CVE-2008-2246

The CVE-2008-2246 issue is an information-disclosure vulnerability in IPsec policy processing when importing a Windows Server 2003 IPsec policy into Windows Server 2008 domains. Affected products include Windows Vista (SP1) and Windows Server 2008 (and variants listed by OpenVAS/Nessus entries). ...

7.8CVSS6.4AI score0.32064EPSS
CVE
CVE
added 2008/04/14 4:0 p.m.47 views

CVE-2008-0927

The CVE-2008-0927 issue is in dhost.exe of Novell eDirectory. Affected products are eDirectory versions before SP10 of 8.7.3 and before 8.8.2, where the dhost.exe process can be forced to consume 100% CPU (DoS) by certain HTTP requests that abuse Connection headers (either multiple Connection hea...

5CVSS6.3AI score0.7005EPSS
Web