| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 451 | CVE-2008-1445 | 20 | | DoS | 2008-06-11 | 2018-10-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. |
| 452 | CVE-2008-1441 | 20 | | DoS | 2008-06-11 | 2018-10-12 | 5.4 | None | Remote | High | Not required | None | None | Complete |
| Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." |
| 453 | CVE-2008-1440 | 20 | | DoS | 2008-06-11 | 2018-10-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." |
| 454 | CVE-2008-1436 | 264 | | +Priv | 2008-04-21 | 2018-10-30 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete |
| Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. |
| 455 | CVE-2008-1087 | 119 | | Exec Code Overflow | 2008-04-08 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." |
| 456 | CVE-2008-1086 | 94 | | Exec Code Mem. Corr. | 2008-04-08 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. |
| 457 | CVE-2008-1084 | 94 | | Exec Code | 2008-04-08 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. |
| 458 | CVE-2008-1083 | 119 | | Exec Code Overflow | 2008-04-08 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." |
| 459 | CVE-2008-0322 | 264 | | Exec Code +Priv | 2008-05-13 | 2017-08-07 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. |
| 460 | CVE-2008-0088 | 20 | | DoS | 2008-02-12 | 2019-04-30 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. |
| 461 | CVE-2008-0083 | 94 | | Exec Code | 2008-04-08 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. |
| 462 | CVE-2008-0020 | 94 | | Exec Code Mem. Corr. | 2009-07-07 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015. |
| 463 | CVE-2008-0015 | 119 | | Exec Code Overflow | 2009-07-07 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." |
| 464 | CVE-2007-6753 | | | +Priv | 2012-03-28 | 2016-11-28 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
| Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. |
| 465 | CVE-2007-6255 | 119 | | Exec Code Overflow | 2008-04-23 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method. |
| 466 | CVE-2007-6026 | 119 | | Exec Code Overflow | 2007-11-19 | 2018-10-15 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. |
| 467 | CVE-2007-5352 | 264 | | +Priv | 2008-01-08 | 2018-10-15 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. |
| 468 | CVE-2007-5348 | 189 | | Exec Code Overflow | 2008-09-10 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability." |
| 469 | CVE-2007-5145 | 119 | | DoS Overflow | 2007-10-01 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
| Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347. |
| 470 | CVE-2007-5133 | 189 | | DoS Overflow | 2007-09-27 | 2019-04-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png. |
| 471 | CVE-2007-4677 | 119 | | Exec Code Overflow | 2007-11-07 | 2018-10-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. |
| 472 | CVE-2007-4676 | 119 | | Exec Code Overflow | 2007-11-07 | 2018-10-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. |
| 473 | CVE-2007-4675 | 119 | | Exec Code Overflow | 2007-11-07 | 2018-10-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. |
| 474 | CVE-2007-3751 | | | Exec Code +Priv | 2007-11-07 | 2018-10-26 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. |
| 475 | CVE-2007-3724 | | | DoS | 2007-07-12 | 2008-11-15 | 2.1 | None | Local | Low | Not required | None | None | Partial |
| The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." |
| 476 | CVE-2007-3463 | | | | 2007-06-27 | 2018-10-16 | 4.6 | None | Local | Low | Single system | None | None | Complete |
| ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account." |
| 477 | CVE-2007-3091 | 362 | | Exec Code | 2007-06-06 | 2018-10-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." |
| 478 | CVE-2007-3034 | 189 | | Exec Code Overflow | 2007-08-14 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. |
| 479 | CVE-2007-2374 | | | Exec Code | 2007-04-30 | 2019-04-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. |
| 480 | CVE-2007-2237 | | | DoS | 2007-06-06 | 2018-10-16 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. |
| 481 | CVE-2007-2228 | | | DoS | 2007-10-09 | 2018-10-16 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. |
| 482 | CVE-2007-2224 | 119 | | Exec Code Overflow | 2007-08-14 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. |
| 483 | CVE-2007-2219 | | | Exec Code | 2007-06-12 | 2018-10-16 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. |
| 484 | CVE-2007-2218 | | | DoS Exec Code | 2007-06-12 | 2018-10-16 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. |
| 485 | CVE-2007-1946 | | | DoS Exec Code Overflow | 2007-04-10 | 2018-10-16 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. |
| 486 | CVE-2007-1912 | | | Overflow | 2007-04-10 | 2017-10-10 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. |
| 487 | CVE-2007-1765 | | | DoS Exec Code Mem. Corr. | 2007-03-29 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. |
| 488 | CVE-2007-1537 | | | DoS | 2007-03-20 | 2018-10-16 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
| \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. |
| 489 | CVE-2007-1531 | 399 | | DoS | 2007-03-20 | 2018-10-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. |
| 490 | CVE-2007-1492 | | | DoS | 2007-03-16 | 2008-11-13 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. |
| 491 | CVE-2007-1215 | | | Overflow +Priv | 2007-04-04 | 2018-10-16 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. |
| 492 | CVE-2007-1212 | | | Overflow +Priv | 2007-04-04 | 2018-10-16 | 6.6 | Admin | Local | Medium | Single system | Complete | Complete | Complete |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. |
| 493 | CVE-2007-1211 | 399 | | DoS | 2007-04-04 | 2018-10-16 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. |
| 494 | CVE-2007-1206 | 264 | | +Priv | 2007-04-10 | 2018-10-16 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. |
| 495 | CVE-2007-1205 | | | Exec Code Mem. Corr. | 2007-04-10 | 2018-10-16 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. |
| 496 | CVE-2007-1204 | 119 | | Exec Code Overflow Mem. Corr. | 2007-04-10 | 2018-10-16 | 6.8 | Admin | Local Network | High | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption. |
| 497 | CVE-2007-0933 | | | DoS Exec Code Overflow | 2007-06-05 | 2017-07-28 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. |
| 498 | CVE-2007-0843 | 264 | | Bypass | 2007-02-22 | 2018-10-16 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial |
| The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
| 499 | CVE-2007-0214 | | | Exec Code | 2007-02-13 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. |
| 500 | CVE-2007-0211 | | | +Priv | 2007-02-13 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." |