Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
Max CVSS
7.9
EPSS Score
0.07%
Published
2012-11-14
Updated
2023-12-07
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability."
Max CVSS
7.9
EPSS Score
7.60%
Published
2013-11-13
Updated
2018-10-12
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.
Max CVSS
7.9
EPSS Score
1.88%
Published
2017-03-17
Updated
2019-10-03
Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."
Max CVSS
7.9
EPSS Score
30.01%
Published
2017-07-11
Updated
2019-10-03
<p>An elevation of privilege vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft COM for Windows handles objects in memory.</p>
Max CVSS
7.9
EPSS Score
0.14%
Published
2020-09-11
Updated
2023-12-31
Windows Hyper-V Remote Code Execution Vulnerability
Max CVSS
7.9
EPSS Score
0.22%
Published
2022-02-09
Updated
2023-06-29
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
Max CVSS
7.8
EPSS Score
0.31%
Published
1999-11-29
Updated
2018-10-12
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
Max CVSS
7.8
EPSS Score
90.13%
Published
1999-01-26
Updated
2008-09-09
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
Max CVSS
7.8
EPSS Score
0.35%
Published
1999-07-20
Updated
2018-10-12
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
Max CVSS
7.8
EPSS Score
0.35%
Published
1999-06-30
Updated
2018-10-12
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
Max CVSS
7.8
EPSS Score
0.22%
Published
1999-07-06
Updated
2018-10-12
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
Max CVSS
7.8
EPSS Score
0.43%
Published
1999-07-03
Updated
2018-10-12
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
Max CVSS
7.8
EPSS Score
2.04%
Published
1999-12-16
Updated
2018-10-12
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
Max CVSS
7.8
EPSS Score
1.45%
Published
2000-05-19
Updated
2018-10-12
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
Max CVSS
7.8
EPSS Score
0.06%
Published
2001-07-16
Updated
2024-02-02
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
Max CVSS
7.8
EPSS Score
0.68%
Published
2002-04-04
Updated
2024-02-08
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
Max CVSS
7.8
EPSS Score
0.13%
Published
2002-12-31
Updated
2024-02-08
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
Max CVSS
7.8
EPSS Score
12.38%
Published
2003-12-31
Updated
2019-04-30
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
Max CVSS
7.8
EPSS Score
1.20%
Published
2004-08-06
Updated
2024-02-14
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
Max CVSS
7.8
EPSS Score
30.00%
Published
2005-11-17
Updated
2019-04-30
The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
Max CVSS
7.8
EPSS Score
0.59%
Published
2005-12-01
Updated
2019-04-30
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
Max CVSS
7.8
EPSS Score
0.04%
Published
2005-12-15
Updated
2008-09-05
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
Max CVSS
7.8
EPSS Score
96.71%
Published
2005-12-20
Updated
2021-11-08
The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
Max CVSS
7.8
EPSS Score
2.51%
Published
2005-12-31
Updated
2021-07-23
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
Max CVSS
7.8
EPSS Score
96.52%
Published
2006-02-14
Updated
2018-10-19
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!