English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Microsoft Windows 2000 Server SP4

CPE Details

Microsoft Windows 2000 Server SP4
microsoft
windows_2000
-
2007-08-23 19:16 +00:00
2019-04-30 12:27 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:o:microsoft:windows_2000:-:sp4:server:*:*:*:*:*

Informations

Vendor

microsoft

Product

windows_2000

Version

-

Update

sp4

edition

server

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-2717 2022-10-03 14:24 +00:00 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
6.8
CVE-2002-0034 2022-10-03 14:23 +00:00 The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
4.6
CVE-2002-2028 2022-10-03 14:23 +00:00 The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
2.1
CVE-2002-2401 2022-10-03 14:23 +00:00 NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
3.6
CVE-2002-2077 2022-10-03 14:23 +00:00 The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
5
CVE-2002-2328 2022-10-03 14:23 +00:00 Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
7.1
CVE-2002-1932 2022-10-03 14:23 +00:00 Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
7.5
CVE-1999-1593 2022-10-03 14:23 +00:00 Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.
7.6
CVE-2001-1517 2022-10-03 14:22 +00:00 RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
2.1
CVE-2001-1518 2022-10-03 14:22 +00:00 RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
2.1
CVE-2001-1519 2022-10-03 14:22 +00:00 RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
3.6
CVE-2001-1560 2022-10-03 14:22 +00:00 Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
2.1
CVE-2000-1227 2022-10-03 14:22 +00:00 Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
5
CVE-2010-2594 2022-10-03 14:21 +00:00 Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
6.8
CVE-2010-4562 2022-10-03 14:21 +00:00 Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
4.3
CVE-2010-1690 2022-10-03 14:21 +00:00 The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
6.4
CVE-2010-1689 2022-10-03 14:21 +00:00 The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
6.4
CVE-2007-6043 2022-10-03 14:14 +00:00 The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
7.1
CVE-2011-5279 2014-04-23 18:00 +00:00 CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
5
CVE-2012-3324 2012-09-25 18:00 +00:00 Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
9
CVE-2007-6753 2012-03-28 17:00 +00:00 Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
6.2
CVE-2010-3268 2010-12-22 19:00 +00:00 The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request.
5
CVE-2010-0484 2010-06-08 20:00 +00:00 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
6.8
CVE-2010-0485 2010-06-08 20:00 +00:00 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
6.8
CVE-2010-1255 2010-06-08 20:00 +00:00 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
6.8
CVE-2010-1259 2010-06-08 20:00 +00:00 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2010-1262 2010-06-08 20:00 +00:00 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."
9.3
CVE-2010-1880 2010-06-08 20:00 +00:00 Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
9.3
CVE-2010-0819 2010-06-08 18:00 +00:00 Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
7.2
CVE-2010-0816 2010-05-11 23:00 +00:00 Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability."
9.3
CVE-2010-1734 2010-05-05 16:00 +00:00 The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
4.9
CVE-2010-1735 2010-05-05 16:00 +00:00 The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
4.9
CVE-2010-0024 2010-04-14 13:44 +00:00 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
5
CVE-2010-0025 2010-04-14 13:44 +00:00 The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
5
CVE-2010-0234 2010-04-14 13:44 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
4.7
CVE-2010-0235 2010-04-14 13:44 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
4.7
CVE-2010-0236 2010-04-14 13:44 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
7.2
CVE-2010-0237 2010-04-14 13:44 +00:00 The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
6.9
CVE-2010-0238 2010-04-14 13:44 +00:00 Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
4.9
CVE-2010-0268 2010-04-14 13:44 +00:00 Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
9.3
CVE-2010-0269 2010-04-14 13:44 +00:00 The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
10
CVE-2010-0478 2010-04-14 13:44 +00:00 Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
9.3
CVE-2010-0480 2010-04-14 13:44 +00:00 Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
9.3
CVE-2010-0486 2010-04-14 13:44 +00:00 The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
9.3
CVE-2010-0487 2010-04-14 13:44 +00:00 The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
9.3
CVE-2010-0267 2010-03-31 17:00 +00:00 Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2010-0488 2010-03-31 17:00 +00:00 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
4.3
CVE-2010-0489 2010-03-31 17:00 +00:00 Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."
9.3
CVE-2010-0491 2010-03-31 17:00 +00:00 Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."
9.3
CVE-2010-0494 2010-03-31 17:00 +00:00 Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
4.3
CVE-2010-0805 2010-03-31 17:00 +00:00 The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
9.3
CVE-2010-0806 2010-03-10 21:00 +00:00 Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2010-0483 2010-03-03 18:00 +00:00 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
7.6
CVE-2010-0917 2010-03-03 18:00 +00:00 Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
7.6
CVE-2010-0719 2010-02-26 18:00 +00:00 An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
4.7
CVE-2010-0705 2010-02-25 17:03 +00:00 Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
7.2
CVE-2010-0016 2010-02-10 17:00 +00:00 The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
9.3
CVE-2010-0020 2010-02-10 17:00 +00:00 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
9
CVE-2010-0021 2010-02-10 17:00 +00:00 Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
7.1
CVE-2010-0022 2010-02-10 17:00 +00:00 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
7.8
CVE-2010-0023 2010-02-10 17:00 +00:00 The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
6.9
CVE-2010-0028 2010-02-10 17:00 +00:00 Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
9.3
CVE-2010-0035 2010-02-10 17:00 +00:00 The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
6.3
CVE-2010-0231 2010-02-10 17:00 +00:00 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
10
CVE-2010-0252 2010-02-10 17:00 +00:00 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
9.3
CVE-2010-0555 2010-02-04 19:00 +00:00 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.
9.3
CVE-2010-0255 2010-02-04 18:00 +00:00 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.
4.3
CVE-2010-0027 2010-01-22 20:20 +00:00 The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
9.3
CVE-2010-0244 2010-01-22 20:20 +00:00 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
9.3
CVE-2010-0247 2010-01-22 20:20 +00:00 Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2010-0248 2010-01-22 20:20 +00:00 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."
9.3
CVE-2010-0249 2010-01-15 16:00 +00:00 Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
8.8
HIGH
CVE-2010-0018 2010-01-13 18:00 +00:00 Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."
9.3
CVE-2009-4210 2009-12-13 00:00 +00:00 The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
9.3
CVE-2009-4309 2009-12-13 00:00 +00:00 Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
9.3
CVE-2009-4310 2009-12-13 00:00 +00:00 Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
9.3
CVE-2009-4311 2009-12-13 00:00 +00:00 Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
9.3
CVE-2009-4312 2009-12-13 00:00 +00:00 Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
9.3
CVE-2009-4313 2009-12-13 00:00 +00:00 ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
9.3
CVE-2009-2506 2009-12-09 17:00 +00:00 Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
9.3
CVE-2009-3671 2009-12-09 17:00 +00:00 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
9.3
CVE-2009-3673 2009-12-09 17:00 +00:00 Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-3674 2009-12-09 17:00 +00:00 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
9.3
CVE-2009-3677 2009-12-09 17:00 +00:00 The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
10
CVE-2009-3672 2009-12-02 10:00 +00:00 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
9.3
CVE-2009-1127 2009-11-11 18:00 +00:00 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
7.2
CVE-2009-1928 2009-11-11 18:00 +00:00 Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
7.8
CVE-2009-2513 2009-11-11 18:00 +00:00 The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
7.2
CVE-2009-2514 2009-11-11 18:00 +00:00 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
9.3
CVE-2009-2523 2009-11-11 18:00 +00:00 The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
10
CVE-2009-0090 2009-10-14 08:00 +00:00 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
9.3
CVE-2009-0091 2009-10-14 08:00 +00:00 Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
9.3
CVE-2009-0555 2009-10-14 08:00 +00:00 Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
9.3
CVE-2009-1547 2009-10-14 08:00 +00:00 Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
9.3
CVE-2009-2497 2009-10-14 08:00 +00:00 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
9.3
CVE-2009-2500 2009-10-14 08:00 +00:00 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
9.3
CVE-2009-2501 2009-10-14 08:00 +00:00 Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
9.3
CVE-2009-2502 2009-10-14 08:00 +00:00 Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
9.3
CVE-2009-2503 2009-10-14 08:00 +00:00 GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
9.3
CVE-2009-2504 2009-10-14 08:00 +00:00 Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
9.3
CVE-2009-2507 2009-10-14 08:00 +00:00 A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
9.3
CVE-2009-2510 2009-10-14 08:00 +00:00 The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
6.8
CVE-2009-2511 2009-10-14 08:00 +00:00 Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
7.5
CVE-2009-2515 2009-10-14 08:00 +00:00 Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
7.2
CVE-2009-2516 2009-10-14 08:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
6.9
CVE-2009-2525 2009-10-14 08:00 +00:00 Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
9.3
CVE-2009-2528 2009-10-14 08:00 +00:00 GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
9.3
CVE-2009-2529 2009-10-14 08:00 +00:00 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
9.3
CVE-2009-2530 2009-10-14 08:00 +00:00 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
9.3
CVE-2009-2531 2009-10-14 08:00 +00:00 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
9.3
CVE-2009-3126 2009-10-14 08:00 +00:00 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
9.3
CVE-2009-1920 2009-09-08 20:00 +00:00 The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
9.3
CVE-2009-1925 2009-09-08 20:00 +00:00 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
10
CVE-2009-1926 2009-09-08 20:00 +00:00 Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
7.8
CVE-2009-2498 2009-09-08 20:00 +00:00 Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
9.3
CVE-2009-2499 2009-09-08 20:00 +00:00 Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."
8.5
CVE-2009-2519 2009-09-08 20:00 +00:00 The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
9.3
CVE-2009-3023 2009-08-31 18:00 +00:00 Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
9
CVE-2009-1133 2009-08-12 15:00 +00:00 Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
9.3
CVE-2009-1922 2009-08-12 15:00 +00:00 The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
6.9
CVE-2009-1923 2009-08-12 15:00 +00:00 Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
9.3
CVE-2009-1924 2009-08-12 15:00 +00:00 Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
9.3
CVE-2009-1930 2009-08-12 15:00 +00:00 The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
10
CVE-2009-2494 2009-08-12 15:00 +00:00 The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
10
CVE-2009-1917 2009-07-29 15:00 +00:00 Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
9.3
CVE-2009-1918 2009-07-29 15:00 +00:00 Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
10
CVE-2009-1919 2009-07-29 15:00 +00:00 Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-2493 2009-07-29 15:00 +00:00 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
9.3
CVE-2009-0231 2009-07-15 13:00 +00:00 The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
8.8
HIGH
CVE-2009-0232 2009-07-15 13:00 +00:00 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
9.3
CVE-2009-1538 2009-07-15 13:00 +00:00 The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
9.3
CVE-2009-1539 2009-07-15 13:00 +00:00 The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
9.3
CVE-2009-1122 2009-06-10 16:00 +00:00 The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
7.5
CVE-2009-1123 2009-06-10 16:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
7.2
CVE-2009-1124 2009-06-10 16:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
7.2
CVE-2009-1125 2009-06-10 16:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
7.2
CVE-2009-1126 2009-06-10 16:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
7.2
CVE-2009-1140 2009-06-10 16:00 +00:00 Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
7.1
CVE-2009-1529 2009-06-10 16:00 +00:00 Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-1530 2009-06-10 16:00 +00:00 Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
9.3
CVE-2009-0228 2009-06-10 15:37 +00:00 Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
10
CVE-2009-0230 2009-06-10 15:37 +00:00 The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
9
CVE-2009-0568 2009-06-10 15:37 +00:00 The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
10
CVE-2009-1138 2009-06-10 15:37 +00:00 The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
10
CVE-2009-1139 2009-06-10 15:37 +00:00 Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
7.8
CVE-2009-1537 2009-05-29 16:00 +00:00 Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
9.3
CVE-2009-0084 2009-04-15 01:49 +00:00 Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
9.3
CVE-2009-0086 2009-04-15 01:49 +00:00 Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
10
CVE-2009-0087 2009-04-15 01:49 +00:00 Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
9.3
CVE-2009-0088 2009-04-15 01:49 +00:00 The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
9.3
CVE-2009-0089 2009-04-15 01:49 +00:00 Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
5.8
CVE-2009-0235 2009-04-15 01:49 +00:00 Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
9.3
CVE-2009-0550 2009-04-15 01:49 +00:00 Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."
9.3
CVE-2009-0551 2009-04-15 01:49 +00:00 Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
9.3
CVE-2009-0552 2009-04-15 01:49 +00:00 Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-0553 2009-04-15 01:49 +00:00 Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-0554 2009-04-15 01:49 +00:00 Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2009-0093 2009-03-11 13:00 +00:00 Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
3.5
CVE-2009-0094 2009-03-11 13:00 +00:00 The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
5.5
CVE-2009-0233 2009-03-11 13:00 +00:00 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
5.8
CVE-2009-0234 2009-03-11 13:00 +00:00 The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
6.4
CVE-2009-0081 2009-03-10 19:00 +00:00 The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
9.3
CVE-2009-0082 2009-03-10 19:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
7.2
CVE-2009-0083 2009-03-10 19:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
7.2
CVE-2009-0085 2009-03-10 19:00 +00:00 The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
7.1
CVE-2009-0282 2009-01-27 17:00 +00:00 Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
9.3
CVE-2009-0243 2009-01-21 19:00 +00:00 Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951.
7.2
CVE-2008-4834 2009-01-14 21:00 +00:00 Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
10
CVE-2008-4835 2009-01-14 21:00 +00:00 SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
10
CVE-2008-2249 2008-12-10 12:33 +00:00 Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
9.3
CVE-2008-3009 2008-12-10 12:33 +00:00 Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
10
CVE-2008-3010 2008-12-10 12:33 +00:00 Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
10
CVE-2008-3465 2008-12-10 12:33 +00:00 Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
9.3
CVE-2008-4258 2008-12-10 12:33 +00:00 Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."
8.5
CVE-2008-4259 2008-12-10 12:33 +00:00 Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
9.3
CVE-2008-4260 2008-12-10 12:33 +00:00 Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
8.5
CVE-2008-4261 2008-12-10 12:33 +00:00 Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
9.3
CVE-2008-4841 2008-12-10 12:33 +00:00 The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
9.3
CVE-2008-5232 2008-11-26 00:00 +00:00 Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9.3
CVE-2008-5112 2008-11-17 22:00 +00:00 The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
5
CVE-2008-4033 2008-11-12 22:00 +00:00 Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
4.3
CVE-2008-4037 2008-11-12 22:00 +00:00 Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
9.3
CVE-2008-4250 2008-10-23 19:00 +00:00 The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
10
CVE-2008-4609 2008-10-20 15:00 +00:00 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
7.1
CVE-2008-1446 2008-10-14 22:00 +00:00 Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
9
CVE-2008-2250 2008-10-14 22:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
7.2
CVE-2008-2251 2008-10-14 22:00 +00:00 Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
7.2
CVE-2008-2252 2008-10-14 22:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
7.2
CVE-2008-3472 2008-10-14 22:00 +00:00 Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."
9.3
CVE-2008-3473 2008-10-14 22:00 +00:00 Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."
9.3
CVE-2008-3474 2008-10-14 22:00 +00:00 Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."
4.3
CVE-2008-3475 2008-10-14 22:00 +00:00 Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."
8.8
HIGH
CVE-2008-3476 2008-10-14 22:00 +00:00 Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."
9.3
CVE-2008-3477 2008-10-14 22:00 +00:00 Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
9.3
CVE-2008-3479 2008-10-14 22:00 +00:00 Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
10
CVE-2008-4023 2008-10-14 22:00 +00:00 Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
10
CVE-2008-4038 2008-10-14 22:00 +00:00 Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
10
CVE-2008-4114 2008-09-16 21:00 +00:00 srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
7.1
CVE-2008-2326 2008-09-10 14:00 +00:00 mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
5
CVE-2008-3630 2008-09-10 14:00 +00:00 mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
6.4
CVE-2008-3008 2008-09-10 13:00 +00:00 Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
9.3
CVE-2008-3842 2008-08-27 18:00 +00:00 Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "
4.3
CVE-2008-3843 2008-08-27 18:00 +00:00 Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
4.3
CVE-2008-1456 2008-08-13 08:00 +00:00 Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
9
CVE-2008-1457 2008-08-13 08:00 +00:00 The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
9
CVE-2008-2245 2008-08-12 22:00 +00:00 Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
9.3
CVE-2008-3365 2008-07-30 15:00 +00:00 Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
6.8
CVE-2008-1447 2008-07-08 21:00 +00:00 The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
6.8
MEDIUM
CVE-2008-1454 2008-07-08 21:00 +00:00 Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
9.4
CVE-2008-0011 2008-06-11 23:30 +00:00 Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
9.3
CVE-2008-1444 2008-06-11 23:30 +00:00 Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
9.3
CVE-2008-1451 2008-06-11 23:30 +00:00 The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
7.2
CVE-2007-6255 2008-04-23 08:00 +00:00 Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
9.3
CVE-2008-0083 2008-04-08 21:00 +00:00 The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
9.3
CVE-2008-0087 2008-04-08 21:00 +00:00 The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
7.5
HIGH
CVE-2008-1083 2008-04-08 21:00 +00:00 Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
9.3
CVE-2008-1084 2008-04-08 21:00 +00:00 Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
7.2
CVE-2008-1086 2008-04-08 21:00 +00:00 The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
9.3
CVE-2008-1087 2008-04-08 21:00 +00:00 Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
9.3
CVE-2008-1544 2008-03-28 22:00 +00:00 The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
7.1
CVE-2008-1092 2008-03-25 15:00 +00:00 Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
9.3
CVE-2007-0065 2008-02-12 21:00 +00:00 Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
10
CVE-2008-0077 2008-02-12 21:00 +00:00 Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
8.8
HIGH
CVE-2008-0088 2008-02-12 19:00 +00:00 Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
6.8
CVE-2007-0066 2008-01-08 19:00 +00:00 The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
7.1
CVE-2007-5352 2008-01-08 19:00 +00:00 Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
7.2
CVE-2007-0064 2007-12-11 23:00 +00:00 Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
9.3
CVE-2007-3895 2007-12-11 23:00 +00:00 Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
9.3
CVE-2007-3901 2007-12-11 23:00 +00:00 Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
8.5
CVE-2007-5355 2007-12-05 10:00 +00:00 The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
5.8
CVE-2007-6026 2007-11-19 23:00 +00:00 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
9.3
CVE-2007-3898 2007-11-14 00:00 +00:00 The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
6.4
CVE-2007-5667 2007-11-14 00:00 +00:00 NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
7.2
CVE-2003-1469 2007-10-24 21:00 +00:00 The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
5
CVE-2003-1437 2007-10-22 23:00 +00:00 BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
2.1
CVE-2003-1448 2007-10-22 23:00 +00:00 Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
7.8
CVE-2007-2217 2007-10-09 20:00 +00:00 Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
9.3
CVE-2007-2228 2007-10-09 20:00 +00:00 rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
7.8
CVE-2007-4938 2007-09-18 17:00 +00:00 Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
7.6
CVE-2007-3036 2007-09-11 23:00 +00:00 Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
6.9
CVE-2007-3040 2007-09-11 23:00 +00:00 Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
9.3
CVE-2007-2224 2007-08-14 19:00 +00:00 Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
9.3
CVE-2007-3034 2007-08-14 19:00 +00:00 Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
9.3
CVE-2007-3958 2007-07-24 16:00 +00:00 Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
7.1
CVE-2007-0040 2007-07-10 20:00 +00:00 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
10
CVE-2007-0041 2007-07-10 20:00 +00:00 The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
9.3
CVE-2007-0042 2007-07-10 20:00 +00:00 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
7.8
CVE-2007-0043 2007-07-10 20:00 +00:00 The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
9.3
CVE-2007-3028 2007-07-10 20:00 +00:00 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
5
CVE-2006-7210 2007-06-27 15:00 +00:00 Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
5
CVE-2007-2219 2007-06-12 18:00 +00:00 Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
9.3
CVE-2007-0218 2007-06-12 17:00 +00:00 Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
9.3
CVE-2007-1750 2007-06-12 17:00 +00:00 Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.
9.3
CVE-2007-1751 2007-06-12 17:00 +00:00 Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2007-2218 2007-06-12 17:00 +00:00 Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
9.3
CVE-2007-2222 2007-06-12 17:00 +00:00 Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
9.3
CVE-2007-3027 2007-06-12 17:00 +00:00 Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
9.3
CVE-2007-3111 2007-06-07 19:00 +00:00 Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
10
CVE-2007-3091 2007-06-06 19:00 +00:00 Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
7.1
CVE-2007-2736 2007-05-17 17:00 +00:00 PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
10
CVE-2007-1898 2007-05-16 20:00 +00:00 formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
5.8
CVE-2007-2730 2007-05-16 20:00 +00:00 Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
7.2
CVE-2007-0942 2007-05-08 21:00 +00:00 Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
9.3
CVE-2007-0944 2007-05-08 21:00 +00:00 Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
9.3
CVE-2007-0945 2007-05-08 21:00 +00:00 Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."
9.3
CVE-2007-2221 2007-05-08 21:00 +00:00 Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
9.3
CVE-2007-2374 2007-04-30 21:00 +00:00 Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
9.3
CVE-2007-2186 2007-04-24 15:00 +00:00 Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
5
CVE-2007-1748 2007-04-13 16:00 +00:00 Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
10
CVE-2007-1945 2007-04-10 23:00 +00:00 Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
7.5
CVE-2007-1912 2007-04-10 21:00 +00:00 Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
6.8
CVE-2007-1205 2007-04-10 19:00 +00:00 Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
9.3
CVE-2007-1206 2007-04-10 19:00 +00:00 The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.
7.2
CVE-2006-5586 2007-04-04 14:00 +00:00 The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
7.2
CVE-2007-1211 2007-04-04 14:00 +00:00 Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560.
7.1
CVE-2007-1212 2007-04-04 14:00 +00:00 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
6.6
CVE-2007-1213 2007-04-04 14:00 +00:00 The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
7.2
CVE-2007-1215 2007-04-04 14:00 +00:00 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
7.2
CVE-2007-0038 2007-03-30 18:00 +00:00 Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
9.3
CVE-2007-1727 2007-03-28 08:00 +00:00 Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.
6.5
CVE-2007-1692 2007-03-26 21:00 +00:00 The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
7.5
CVE-2007-1645 2007-03-23 23:00 +00:00 Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
10
CVE-2007-1512 2007-03-20 09:00 +00:00 Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
10
CVE-2006-7030 2007-02-23 00:00 +00:00 Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.
5
CVE-2006-7031 2007-02-23 00:00 +00:00 Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
5
CVE-2006-7034 2007-02-23 00:00 +00:00 SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
7.5
CVE-2006-7037 2007-02-23 00:00 +00:00 Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
4.4
CVE-2006-7039 2007-02-23 00:00 +00:00 The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.
5
CVE-2007-0843 2007-02-22 23:00 +00:00 The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
4.6
CVE-2007-1043 2007-02-21 16:00 +00:00 Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
7.5
CVE-2007-1070 2007-02-21 10:00 +00:00 Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
10
CVE-2007-0219 2007-02-13 22:00 +00:00 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
10
CVE-2006-4697 2007-02-13 21:00 +00:00 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
9.3
CVE-2007-0217 2007-02-13 21:00 +00:00 The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
10
CVE-2007-0026 2007-02-13 19:00 +00:00 The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
7.6
CVE-2007-0214 2007-02-13 19:00 +00:00 The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
9.3
CVE-2007-0024 2007-01-09 22:00 +00:00 Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
9.3
CVE-2006-6723 2006-12-26 19:00 +00:00 The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
7.8
CVE-2006-6696 2006-12-22 01:00 +00:00 Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
6.9
CVE-2006-6296 2006-12-05 10:00 +00:00 The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
6.1
CVE-2006-6261 2006-12-04 10:00 +00:00 Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
9.3
CVE-2006-5758 2006-11-06 19:00 +00:00 The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
7.2
CVE-2006-5559 2006-10-27 14:00 +00:00 The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
9.3
CVE-2006-4868 2006-09-19 17:00 +00:00 Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
9.3
CVE-2006-0032 2006-09-12 21:00 +00:00 Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
4.3
CVE-2006-3443 2006-08-08 23:00 +00:00 Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
7.2
CVE-2006-3444 2006-08-08 22:00 +00:00 Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
7.5
CVE-2006-3897 2006-07-27 08:00 +00:00 Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
5
CVE-2006-3880 2006-07-26 22:00 +00:00 Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation.
5
CVE-2006-1313 2006-06-13 17:00 +00:00 Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
6.8
CVE-2006-2370 2006-06-13 17:00 +00:00 Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
7.5
CVE-2006-2371 2006-06-13 17:00 +00:00 Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
7.5
CVE-2006-2373 2006-06-13 17:00 +00:00 The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
10
CVE-2006-2374 2006-06-13 17:00 +00:00 The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
5.5
MEDIUM
CVE-2006-2379 2006-06-13 17:00 +00:00 Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
9.3
CVE-2006-2380 2006-06-13 17:00 +00:00 Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
4.3
CVE-2006-0034 2006-05-09 21:00 +00:00 Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
7.5
CVE-2006-1184 2006-05-09 21:00 +00:00 Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
5
CVE-2006-0012 2006-04-11 22:00 +00:00 Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
5.1
CVE-2006-1591 2006-04-03 08:00 +00:00 Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
5.1
CVE-2006-0988 2006-03-03 10:00 +00:00 The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
7.8
CVE-2006-0005 2006-02-14 18:00 +00:00 Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
9.3
CVE-2006-0488 2006-02-01 01:00 +00:00 The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.
2.1
CVE-2006-0010 2006-01-10 21:00 +00:00 Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
9.3
CVE-2006-0143 2006-01-09 19:00 +00:00 Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
7.5
CVE-2005-2827 2005-12-14 00:00 +00:00 The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
7.2
CVE-2005-3981 2005-12-04 10:00 +00:00 NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE
4.9
CVE-2005-3945 2005-12-01 10:00 +00:00 The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
7.8
CVE-2005-3644 2005-11-17 10:00 +00:00 PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
7.8
CVE-2005-2118 2005-10-21 02:00 +00:00 Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
5.1
CVE-2005-2122 2005-10-21 02:00 +00:00 Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
10
CVE-2004-2339 2005-08-16 02:00 +00:00 Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed
7.2
CVE-2005-0058 2005-08-10 02:00 +00:00 Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
7.5
CVE-2005-1218 2005-08-10 02:00 +00:00 The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
5
CVE-2005-1981 2005-08-10 02:00 +00:00 Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
2.1
CVE-2005-1982 2005-08-10 02:00 +00:00 Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
3.6
CVE-2005-1983 2005-08-10 02:00 +00:00 Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
10
CVE-2005-2388 2005-07-27 02:00 +00:00 Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
7.2
CVE-2005-2307 2005-07-19 02:00 +00:00 netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
5
CVE-2005-2150 2005-07-11 02:00 +00:00 Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
5
CVE-2002-1700 2005-06-21 02:00 +00:00 Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
4.3
CVE-2002-1712 2005-06-21 02:00 +00:00 Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
5
CVE-2002-1749 2005-06-21 02:00 +00:00 Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
7.2
CVE-2005-1206 2005-06-15 02:00 +00:00 Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
7.5
CVE-2005-1208 2005-06-15 02:00 +00:00 Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
10
CVE-2005-1212 2005-06-14 02:00 +00:00 Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
7.5
CVE-2005-1214 2005-06-14 02:00 +00:00 Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
5.1
CVE-2005-0356 2005-05-31 02:00 +00:00 Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
5
CVE-2000-1218 2005-04-21 02:00 +00:00 The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
9.8
CRITICAL
CVE-2001-1451 2005-04-21 02:00 +00:00 Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
5
CVE-2001-1452 2005-04-21 02:00 +00:00 By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
7.5
HIGH
CVE-2005-1184 2005-04-19 02:00 +00:00 The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.
5
CVE-2005-1191 2005-04-19 02:00 +00:00 The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
5
CVE-2005-0048 2005-04-13 02:00 +00:00 Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
7.5
CVE-2005-0059 2005-04-13 02:00 +00:00 Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
10
CVE-2005-0060 2005-04-13 02:00 +00:00 Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
7.2
CVE-2005-0061 2005-04-13 02:00 +00:00 The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
7.2
CVE-2005-0063 2005-04-13 02:00 +00:00 The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
7.5
CVE-2005-0550 2005-04-13 02:00 +00:00 Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
2.1
CVE-2005-0551 2005-04-13 02:00 +00:00 Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
10
CVE-2005-0803 2005-03-20 04:00 +00:00 The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."
5
CVE-2003-1106 2005-03-11 04:00 +00:00 The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
5
CVE-2005-0545 2005-02-25 04:00 +00:00 Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
7.2
CVE-2004-1649 2005-02-20 04:00 +00:00 Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
7.2
CVE-2005-0416 2005-02-14 04:00 +00:00 The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
7.5
CVE-2005-0044 2005-02-08 04:00 +00:00 The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."
7.5
CVE-2005-0045 2005-02-08 04:00 +00:00 The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
7.5
CVE-2005-0047 2005-02-08 04:00 +00:00 Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
7.2
CVE-2005-0050 2005-02-08 04:00 +00:00 The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."
10
CVE-2005-0053 2005-02-08 04:00 +00:00 Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
7.5
CVE-2005-0057 2005-02-08 04:00 +00:00 The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
7.5
CVE-2004-1049 2005-01-19 04:00 +00:00 Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
5.1
CVE-2004-1306 2005-01-19 04:00 +00:00 Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
5.1
CVE-2004-1361 2005-01-19 04:00 +00:00 Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
5
CVE-2004-1305 2005-01-06 04:00 +00:00 The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
5
CVE-2004-1319 2005-01-06 04:00 +00:00 The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
5
CVE-2004-0567 2004-12-31 04:00 +00:00 The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."
7.5
CVE-2004-0568 2004-12-15 04:00 +00:00 HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
10
CVE-2004-0571 2004-12-15 04:00 +00:00 Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
10
CVE-2004-0893 2004-12-15 04:00 +00:00 The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
7.2
CVE-2004-0894 2004-12-15 04:00 +00:00 LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
7.2
CVE-2004-0901 2004-12-15 04:00 +00:00 Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
10
CVE-2004-1080 2004-12-01 04:00 +00:00 The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
10
CVE-2004-0978 2004-10-21 02:00 +00:00 Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
10
CVE-2004-0206 2004-10-16 02:00 +00:00 Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
7.5
CVE-2004-0207 2004-10-16 02:00 +00:00 "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
2.1
CVE-2004-0208 2004-10-16 02:00 +00:00 The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
7.2
CVE-2004-0209 2004-10-16 02:00 +00:00 Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
10
CVE-2004-0214 2004-10-16 02:00 +00:00 Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
10
CVE-2004-0839 2004-09-14 02:00 +00:00 Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
5
CVE-2001-0951 2004-09-01 02:00 +00:00 Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
5
CVE-2001-1302 2004-09-01 02:00 +00:00 The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
2.1
CVE-2001-1347 2004-09-01 02:00 +00:00 Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
4.6
CVE-2002-0443 2004-09-01 02:00 +00:00 Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
4.6
CVE-2002-0692 2004-09-01 02:00 +00:00 Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
7.5
CVE-2002-0694 2004-09-01 02:00 +00:00 The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
7.5
CVE-2002-0864 2004-09-01 02:00 +00:00 The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
5
CVE-2002-1184 2004-09-01 02:00 +00:00 The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
4.6
CVE-2002-1214 2004-09-01 02:00 +00:00 Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
7.5
CVE-2002-1230 2004-09-01 02:00 +00:00 NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
4.6
CVE-2002-1256 2004-09-01 02:00 +00:00 The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
5
CVE-2002-1257 2004-09-01 02:00 +00:00 Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
10
CVE-2002-1260 2004-09-01 02:00 +00:00 The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
7.5
CVE-2002-1325 2004-09-01 02:00 +00:00 Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
5
CVE-2003-0003 2004-09-01 02:00 +00:00 Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
7.5
CVE-2003-0825 2004-09-01 02:00 +00:00 The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
9.3
CVE-2004-0726 2004-07-23 02:00 +00:00 The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
7.5
CVE-2004-0201 2004-07-14 02:00 +00:00 Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
10
CVE-2004-0210 2004-07-14 02:00 +00:00 The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
7.2
CVE-2004-0212 2004-07-14 02:00 +00:00 Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
10
CVE-2004-0213 2004-07-14 02:00 +00:00 Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
7.8
HIGH
CVE-2004-0202 2004-06-11 02:00 +00:00 IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
5
CVE-2004-0540 2004-06-08 02:00 +00:00 Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
10
CVE-2003-0663 2004-04-16 02:00 +00:00 Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
5
CVE-2003-0807 2004-04-16 02:00 +00:00 Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
5
CVE-2003-0908 2004-04-16 02:00 +00:00 The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
7.2
CVE-2003-0910 2004-04-16 02:00 +00:00 The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
7.2
CVE-2004-0116 2004-04-16 02:00 +00:00 An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
5
CVE-2004-0117 2004-04-16 02:00 +00:00 Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
7.5
CVE-2004-0118 2004-04-16 02:00 +00:00 The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
7.2
CVE-2004-0119 2004-04-16 02:00 +00:00 The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
7.5
HIGH
CVE-2004-0120 2004-04-16 02:00 +00:00 The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
5
CVE-2004-0123 2004-04-16 02:00 +00:00 Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
7.5
CVE-2004-0124 2004-04-16 02:00 +00:00 The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
2.6
CVE-2003-0818 2004-02-11 04:00 +00:00 Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
7.5
CVE-2003-0995 2003-12-17 04:00 +00:00 Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
7.5
CVE-2003-0812 2003-11-18 04:00 +00:00 Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
7.5
CVE-2003-0659 2003-10-17 02:00 +00:00 Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
7.2
CVE-2003-0660 2003-10-17 02:00 +00:00 The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
7.5
CVE-2003-0662 2003-10-17 02:00 +00:00 Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
9.3
CVE-2003-0711 2003-10-17 02:00 +00:00 Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
7.5
CVE-2003-0717 2003-10-17 02:00 +00:00 The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
7.5
CVE-2003-0813 2003-10-15 02:00 +00:00 A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
5.1
CVE-2003-0528 2003-09-12 02:00 +00:00 Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
10
CVE-2003-0715 2003-09-12 02:00 +00:00 Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
10
CVE-2003-0661 2003-09-04 02:00 +00:00 The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
5
CVE-2003-0605 2003-07-29 02:00 +00:00 The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
7.5
CVE-2003-0352 2003-07-17 02:00 +00:00 Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
7.5
CVE-2003-0345 2003-07-10 02:00 +00:00 Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
7.5
CVE-2003-0350 2003-07-10 02:00 +00:00 The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
4.6
CVE-2003-0496 2003-07-10 02:00 +00:00 Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
7.2
CVE-2003-0349 2003-06-28 02:00 +00:00 Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
7.5
CVE-2003-0469 2003-06-28 02:00 +00:00 Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
7.5
CVE-2003-0411 2003-06-11 02:00 +00:00 Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
7.5
HIGH
CVE-2003-0227 2003-05-30 02:00 +00:00 The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
5
CVE-2003-0112 2003-04-26 02:00 +00:00 Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
4.6
CVE-2003-0111 2003-04-15 02:00 +00:00 The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
7.5
CVE-2002-0054 2003-04-02 03:00 +00:00 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
7.5
CVE-2002-0366 2003-04-02 03:00 +00:00 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
7.2
CVE-2002-0367 2003-04-02 03:00 +00:00 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
7.2
CVE-2002-0391 2003-04-02 03:00 +00:00 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
9.8
CRITICAL
CVE-2002-0597 2003-04-02 03:00 +00:00 LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
5
CVE-2002-0720 2003-04-02 03:00 +00:00 A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
7.2
CVE-2002-1561 2003-03-26 04:00 +00:00 The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
5
CVE-2003-0010 2003-03-21 04:00 +00:00 Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
7.5
CVE-2003-0109 2003-03-18 04:00 +00:00 Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
7.5
CVE-2003-0001 2003-01-08 04:00 +00:00 Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
5
CVE-2002-1258 2002-12-17 04:00 +00:00 Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
5
CVE-2002-0693 2002-10-05 02:00 +00:00 Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
7.5
CVE-2002-0863 2002-10-01 02:00 +00:00 Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
5
CVE-2002-0862 2002-09-10 02:00 +00:00 The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
6.8
CVE-2002-0699 2002-08-31 02:00 +00:00 Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
5
CVE-2002-0724 2002-08-24 02:00 +00:00 Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
7.5
CVE-2002-0018 2002-06-25 02:00 +00:00 In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
10
CVE-2002-0020 2002-06-25 02:00 +00:00 Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
7.5
CVE-2002-0051 2002-06-25 02:00 +00:00 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
7.8
HIGH
CVE-2002-0055 2002-06-25 02:00 +00:00 SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
5
CVE-2002-0070 2002-06-25 02:00 +00:00 Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
7.6
CVE-2002-0151 2002-06-25 02:00 +00:00 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
7.2
CVE-2001-1238 2002-05-03 02:00 +00:00 Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
7.8
HIGH
CVE-2001-1288 2002-05-03 02:00 +00:00 Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
2.1
CVE-2002-0224 2002-05-03 02:00 +00:00 The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
5
CVE-1999-1358 2002-03-09 04:00 +00:00 When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
4.6
CVE-2000-0298 2002-03-09 04:00 +00:00 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
7.2
CVE-2000-0581 2002-03-09 04:00 +00:00 Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
5
CVE-2000-0790 2002-03-09 04:00 +00:00 The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
4.6
CVE-2000-1111 2002-03-09 04:00 +00:00 Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
5
CVE-2001-0018 2002-03-09 04:00 +00:00 Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
5
CVE-2001-0373 2002-03-09 04:00 +00:00 The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
2.1
CVE-2001-0502 2002-03-09 04:00 +00:00 Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
4.6
CVE-2001-0504 2002-03-09 04:00 +00:00 Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
7.5
CVE-2001-0543 2002-03-09 04:00 +00:00 Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
5
CVE-2001-0659 2002-03-09 04:00 +00:00 Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
5
CVE-2001-0663 2002-03-09 04:00 +00:00 Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
5
CVE-2001-0860 2002-03-09 04:00 +00:00 Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
7.5
CVE-2001-0879 2002-03-09 04:00 +00:00 Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
5
CVE-2002-0053 2002-02-18 04:00 +00:00 Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
7.5
CVE-2001-0237 2001-09-18 02:00 +00:00 Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
5
CVE-2001-0238 2001-09-18 02:00 +00:00 Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
7.5
CVE-2001-0241 2001-09-18 02:00 +00:00 Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
10
CVE-2001-0341 2001-09-18 02:00 +00:00 Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
7.5
CVE-2001-0345 2001-09-18 02:00 +00:00 Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
5
CVE-2001-0346 2001-09-18 02:00 +00:00 Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
5
CVE-2001-0347 2001-09-18 02:00 +00:00 Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
7.5
CVE-2001-0348 2001-09-18 02:00 +00:00 Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
5
CVE-2001-0351 2001-09-18 02:00 +00:00 Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
2.1
CVE-2001-0509 2001-08-29 02:00 +00:00 Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
5
CVE-2001-0349 2001-07-27 02:00 +00:00 Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
7.2
CVE-2001-0350 2001-07-27 02:00 +00:00 Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
4.6
CVE-2001-0003 2001-05-07 02:00 +00:00 Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
5
CVE-2001-0014 2001-05-07 02:00 +00:00 Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
5
CVE-2001-0015 2001-05-07 02:00 +00:00 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
7.2
CVE-2001-0147 2001-05-07 02:00 +00:00 Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
10
CVE-2001-0261 2001-04-04 02:00 +00:00 Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
2.1
CVE-2001-0324 2001-04-04 02:00 +00:00 Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
2.6
CVE-2001-0046 2001-02-02 04:00 +00:00 The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
4.6
CVE-2001-0048 2001-02-02 04:00 +00:00 The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
7.2
CVE-2000-0834 2001-01-22 04:00 +00:00 The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
7.5
CVE-2000-0851 2001-01-22 04:00 +00:00 Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
4.6
CVE-2000-0933 2001-01-22 04:00 +00:00 The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
4.6
CVE-2000-1034 2001-01-22 04:00 +00:00 Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
10
CVE-2000-1089 2001-01-22 04:00 +00:00 Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
10
CVE-2000-0885 2000-11-29 04:00 +00:00 Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
7.5
CVE-2000-1079 2000-11-29 04:00 +00:00 Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
7.5
CVE-2000-0475 2000-10-13 02:00 +00:00 Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
4.6
CVE-2000-0663 2000-10-13 02:00 +00:00 The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
4.6
CVE-2000-0673 2000-10-13 02:00 +00:00 The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
5
CVE-2000-0737 2000-10-13 02:00 +00:00 The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
4.6
CVE-2000-0771 2000-10-13 02:00 +00:00 Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
2.1
CVE-2000-0580 2000-07-19 02:00 +00:00 Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
5
CVE-2000-0305 2000-07-12 02:00 +00:00 Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
7.8
CVE-2000-0311 2000-07-12 02:00 +00:00 The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
2.1
CVE-2000-0331 2000-07-12 02:00 +00:00 Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
5
CVE-2000-0404 2000-07-12 02:00 +00:00 The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
5
CVE-2000-0416 2000-07-12 02:00 +00:00 NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
5
CVE-2000-0487 2000-07-12 02:00 +00:00 The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
3.6
CVE-2000-0544 2000-07-12 02:00 +00:00 Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
5
CVE-2000-0420 2000-06-15 02:00 +00:00 The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
7.2
CVE-1999-0819 2000-06-02 02:00 +00:00 NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
5
CVE-1999-0874 2000-06-02 02:00 +00:00 Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
10
CVE-2000-0232 2000-06-02 02:00 +00:00 Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
2.1
CVE-2000-0073 2000-04-18 02:00 +00:00 Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
5
CVE-2000-0222 2000-04-10 02:00 +00:00 The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
10
CVE-1999-0249 2000-02-04 04:00 +00:00 Windows NT RSHSVC program allows remote users to execute arbitrary commands.
7.2
CVE-1999-0499 2000-02-04 04:00 +00:00 NETBIOS share information may be published through SNMP registry keys in NT.
7.5
CVE-1999-0503 2000-02-04 04:00 +00:00 A Windows NT local user or administrator account has a guessable password.
7.2
CVE-1999-0504 2000-02-04 04:00 +00:00 A Windows NT local user or administrator account has a default, null, blank, or missing password.
7.5
CVE-1999-0505 2000-02-04 04:00 +00:00 A Windows NT domain user or administrator account has a guessable password.
7.2
CVE-1999-0506 2000-02-04 04:00 +00:00 A Windows NT domain user or administrator account has a default, null, blank, or missing password.
7.2
CVE-1999-0511 2000-02-04 04:00 +00:00 IP forwarding is enabled on a machine which is not a router or firewall.
7.5
CVE-1999-0519 2000-02-04 04:00 +00:00 A NETBIOS/SMB share password is the default, null, or missing.
7.5
CVE-1999-0534 2000-02-04 04:00 +00:00 A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
4.6
CVE-1999-0535 2000-02-04 04:00 +00:00 A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
10
CVE-1999-0562 2000-02-04 04:00 +00:00 The registry in Windows NT can be accessed remotely by users who are not administrators.
7.5
CVE-1999-0572 2000-02-04 04:00 +00:00 .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks.
9.3
CVE-1999-0582 2000-02-04 04:00 +00:00 A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc.
5
CVE-1999-0585 2000-02-04 04:00 +00:00 A Windows NT administrator account has the default name of Administrator.
2.1
CVE-1999-0590 2000-02-04 04:00 +00:00 A system does not present an appropriate legal message or warning to a user who is accessing it.
10
CVE-1999-0595 2000-02-04 04:00 +00:00 A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
2.1
CVE-1999-0875 2000-01-18 04:00 +00:00 DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
7.5
CVE-1999-0700 2000-01-04 04:00 +00:00 Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
6.2
CVE-1999-0715 2000-01-04 04:00 +00:00 Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
4.6
CVE-1999-0716 2000-01-04 04:00 +00:00 Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
4.6
CVE-1999-0717 2000-01-04 04:00 +00:00 A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
2.6
CVE-1999-0721 2000-01-04 04:00 +00:00 Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
7.8
CVE-1999-0723 2000-01-04 04:00 +00:00 The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
7.1
CVE-1999-0726 2000-01-04 04:00 +00:00 An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
7.8
CVE-1999-0755 2000-01-04 04:00 +00:00 Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
5
CVE-1999-0918 2000-01-04 04:00 +00:00 Denial of service in various Windows systems via malformed, fragmented IGMP packets.
7.8
CVE-1999-0153 1999-09-29 02:00 +00:00 Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
5
CVE-1999-0372 1999-09-29 02:00 +00:00 The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
2.1
CVE-1999-0384 1999-09-29 02:00 +00:00 The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
4.6
CVE-1999-0391 1999-09-29 02:00 +00:00 The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
7.5
CVE-1999-0612 1999-09-29 02:00 +00:00 A version of finger is running that exposes valid user information to any entity on the network.

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.