| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 501 | CVE-2007-0210 | | | Overflow +Priv | 2007-02-13 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. |
| 502 | CVE-2007-0069 | | | DoS Exec Code Mem. Corr. | 2008-01-08 | 2018-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." |
| 503 | CVE-2007-0066 | | | DoS | 2008-01-08 | 2018-10-16 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." |
| 504 | CVE-2007-0038 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2007-03-30 | 2018-10-16 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, .cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. |
| 505 | CVE-2007-0026 | | | Exec Code Mem. Corr. | 2007-02-13 | 2018-10-12 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete |
| The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. |
| 506 | CVE-2006-7210 | | | DoS | 2007-06-27 | 2017-10-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Microsoft Windows 2000, XP, and Server 2003 allow remote attackers to cause a denial of service (CPU consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. |
| 507 | CVE-2006-6797 | | | DoS | 2006-12-28 | 2018-10-17 | 6.6 | None | Local | Low | Not required | Complete | None | Complete |
| The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. |
| 508 | CVE-2006-6723 | 399 | | DoS | 2006-12-26 | 2017-10-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request. |
| 509 | CVE-2006-6696 | 119 | | Overflow +Priv | 2006-12-21 | 2019-04-30 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete |
| Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to the Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. |
| 510 | CVE-2006-6659 | | | DoS | 2006-12-19 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. |
| 511 | CVE-2006-6602 | | | DoS | 2006-12-15 | 2018-10-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
| explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. |
| 512 | CVE-2006-6601 | 399 | | DoS | 2006-12-15 | 2018-10-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
| Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks or (2) time division fields that are set to 0. |
| 513 | CVE-2006-6296 | 399 | | DoS | 2006-12-05 | 2019-04-30 | 6.1 | None | Local Network | Low | Not required | None | None | Complete |
| The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. |
| 514 | CVE-2006-5758 | 119 | | DoS Overflow +Priv Mem. Corr. | 2006-11-06 | 2018-10-17 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. |
| 515 | CVE-2006-5614 | | | DoS | 2006-10-30 | 2017-10-18 | 2.6 | None | Remote | High | Not required | None | None | Partial |
| Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. |
| 516 | CVE-2006-5586 | | | +Priv | 2007-04-04 | 2018-10-17 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." |
| 517 | CVE-2006-5585 | 264 | | +Priv | 2006-12-12 | 2018-10-17 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." |
| 518 | CVE-2006-4702 | | | Exec Code Overflow | 2006-12-12 | 2018-10-17 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial |
| Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. |
| 519 | CVE-2006-4696 | 94 | | Exec Code | 2006-10-10 | 2018-10-17 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete |
| Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability." |
| 520 | CVE-2006-4692 | 94 | | Exec Code | 2006-10-10 | 2018-10-17 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
| Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." |
| 521 | CVE-2006-4691 | | | Exec Code Overflow | 2006-11-14 | 2018-10-17 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. |
| 522 | CVE-2006-4689 | | | DoS | 2006-11-14 | 2018-10-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." |
| 523 | CVE-2006-4688 | | | Exec Code Overflow Mem. Corr. | 2006-11-14 | 2018-10-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." |
| 524 | CVE-2006-4071 | | | DoS | 2006-08-09 | 2018-10-17 | 2.6 | None | Remote | High | Not required | None | None | Partial |
| Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. |
| 525 | CVE-2006-4066 | | | DoS | 2006-08-09 | 2018-10-17 | 2.6 | None | Remote | High | Not required | None | None | Partial |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. |
| 526 | CVE-2006-3942 | 20 | | DoS | 2006-07-31 | 2018-10-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot. |
| 527 | CVE-2006-3880 | | | DoS | 2006-07-26 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation." |
| 528 | CVE-2006-3873 | | | DoS Exec Code Overflow | 2006-09-12 | 2018-10-17 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. |
| 529 | CVE-2006-3648 | | | Exec Code | 2006-08-08 | 2018-10-12 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception." |
| 530 | CVE-2006-3445 | 189 | | Exec Code Overflow | 2006-11-14 | 2018-10-18 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. |
| 531 | CVE-2006-3442 | 94 | | Exec Code | 2006-09-12 | 2018-10-18 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. |
| 532 | CVE-2006-3441 | | | Exec Code Overflow | 2006-08-08 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. |
| 533 | CVE-2006-3440 | | | Exec Code Overflow | 2006-08-08 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." |
| 534 | CVE-2006-3439 | | | Exec Code Overflow | 2006-08-08 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. |
| 535 | CVE-2006-3351 | | | DoS Exec Code Overflow | 2006-07-05 | 2018-10-18 | 5.4 | None | Remote | High | Not required | None | None | Complete |
| Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. |
| 536 | CVE-2006-3209 | | | +Priv | 2006-06-23 | 2018-10-18 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. |
| 537 | CVE-2006-2379 | 119 | | Exec Code Overflow | 2006-06-13 | 2019-04-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. |
| 538 | CVE-2006-2378 | | | Exec Code Overflow | 2006-06-13 | 2018-10-12 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial |
| Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. |
| 539 | CVE-2006-2374 | 399 | | DoS | 2006-06-13 | 2018-10-12 | 2.1 | None | Local | Low | Not required | None | None | Partial |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk function with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." |
| 540 | CVE-2006-2373 | 264 | | Exec Code | 2006-06-13 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." |
| 541 | CVE-2006-2371 | | | Exec Code Overflow | 2006-06-13 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Buffer overflow in the Remote Access Connection Manager (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability." |
| 542 | CVE-2006-2370 | | | Exec Code Overflow Mem. Corr. | 2006-06-13 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." |
| 543 | CVE-2006-2334 | | | | 2006-05-11 | 2018-10-18 | 2.1 | None | Local | Low | Not required | None | Partial | None |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. |
| 544 | CVE-2006-1591 | | | Exec Code Overflow | 2006-04-03 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. |
| 545 | CVE-2006-1476 | | | | 2006-03-28 | 2018-10-18 | 2.6 | None | Remote | High | Not required | None | Partial | None |
| Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. |
| 546 | CVE-2006-1475 | | | | 2006-03-28 | 2018-10-18 | 2.1 | None | Local | Low | Not required | None | Partial | None |
| Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file. |
| 547 | CVE-2006-1314 | | | Exec Code Overflow Mem. Corr. Bypass | 2006-07-11 | 2018-10-18 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. |
| 548 | CVE-2006-1313 | | | Exec Code Mem. Corr. | 2006-06-13 | 2019-04-30 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial |
| Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code. |
| 549 | CVE-2006-1311 | | | Exec Code Mem. Corr. | 2007-02-13 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
| 550 | CVE-2006-1184 | | | DoS | 2006-05-09 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. |