|
|
Microsoft » Windows Xp : Security Vulnerabilities (CVSS score between 4 and 4.99)
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1294 |
362 |
|
+Priv |
2013-04-09 |
2013-04-10 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability." |
|
2 |
CVE-2013-1277 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
3 |
CVE-2013-1276 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
4 |
CVE-2013-1275 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
5 |
CVE-2013-1274 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
6 |
CVE-2013-1273 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
7 |
CVE-2013-1272 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
8 |
CVE-2013-1271 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
9 |
CVE-2013-1270 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
10 |
CVE-2013-1269 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
11 |
CVE-2013-1268 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
12 |
CVE-2013-1267 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
13 |
CVE-2013-1266 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
14 |
CVE-2013-1265 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
15 |
CVE-2013-1264 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
16 |
CVE-2013-1263 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
17 |
CVE-2013-1262 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
18 |
CVE-2013-1261 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
19 |
CVE-2013-1260 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
20 |
CVE-2013-1259 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
21 |
CVE-2013-1258 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
22 |
CVE-2013-1257 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
23 |
CVE-2013-1256 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
24 |
CVE-2013-1255 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
25 |
CVE-2013-1254 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
26 |
CVE-2013-1253 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
27 |
CVE-2013-1252 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
28 |
CVE-2013-1251 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
29 |
CVE-2013-1250 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
30 |
CVE-2013-1249 |
362 |
|
+Priv |
2013-02-13 |
2013-02-15 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
31 |
CVE-2013-1248 |
362 |
|
+Priv |
2013-02-13 |
2013-02-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. |
|
32 |
CVE-2012-1870 |
200 |
|
+Info |
2012-07-10 |
2013-03-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." |
|
33 |
CVE-2011-1894 |
79 |
|
XSS |
2011-06-16 |
2011-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." |
|
34 |
CVE-2011-0096 |
79 |
1
|
XSS |
2011-01-31 |
2011-10-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." |
|
35 |
CVE-2011-0030 |
264 |
|
+Priv +Info |
2011-02-08 |
2013-02-14 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023. |
|
36 |
CVE-2010-4562 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. |
|
37 |
CVE-2010-2265 |
79 |
|
Exec Code XSS |
2010-06-15 |
2010-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction. |
|
38 |
CVE-2010-1887 |
20 |
|
DoS |
2010-08-11 |
2010-08-21 |
4.4 |
None |
Local |
Medium |
Single system |
None |
None |
Complete |
|
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability." |
|
39 |
CVE-2010-1735 |
20 |
|
DoS |
2010-05-06 |
2010-05-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
|
40 |
CVE-2010-1734 |
20 |
|
DoS |
2010-05-06 |
2010-05-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
|
41 |
CVE-2010-0719 |
20 |
|
DoS |
2010-02-26 |
2010-06-05 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. |
|
42 |
CVE-2010-0494 |
200 |
|
XSS Bypass +Info |
2010-03-31 |
2012-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." |
|
43 |
CVE-2010-0488 |
200 |
|
Bypass +Info |
2010-03-31 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." |
|
44 |
CVE-2010-0238 |
20 |
|
DoS |
2010-04-14 |
2010-08-21 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." |
|
45 |
CVE-2010-0235 |
20 |
|
DoS |
2010-04-14 |
2010-08-21 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." |
|
46 |
CVE-2010-0234 |
20 |
|
DoS |
2010-04-14 |
2010-08-21 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." |
|
47 |
CVE-2009-2653 |
264 |
1
|
+Priv Bypass |
2009-08-03 |
2009-08-11 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.' |
|
48 |
CVE-2009-1808 |
|
|
DoS |
2009-05-28 |
2009-06-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call. |
|
49 |
CVE-2009-1217 |
189 |
|
DoS Overflow |
2009-04-01 |
2009-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, as demonstrated by voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData integer overflow." |
|
50 |
CVE-2009-0320 |
200 |
|
+Info |
2009-01-28 |
2009-01-29 |
4.0 |
None |
Local |
High |
Not required |
Complete |
None |
None |
|
Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." |
Total number of vulnerabilities : 68
Page :
1
(This Page) 2
|
|
