| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 551 | CVE-2006-0488 | | | +Info | 2006-01-31 | 2018-10-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The VDM (Virtual DOS Machine) emulation environment for MS-DOS
applications in Windows 2000, Windows XP SP2, and Windows Server 2003
allows local users to read the first megabyte of memory and possibly
obtain sensitive information, as demonstrated by dumper.asm.
| 552 | CVE-2006-0376 | | | | 2006-01-22 | 2018-10-19 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
The 802.11 wireless client in certain operating systems including
Windows 2000, Windows XP, and Windows Server 2003 does not warn the user
when (1) it establishes an association with a station in ad hoc (aka
peer-to-peer) mode or (2) a station in ad hoc mode establishes an
association with it, which allows remote attackers to put unexpected
wireless communication into place.
| 553 | CVE-2006-0143 | 399 | | DoS | 2006-01-09 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Microsoft Windows Graphics Rendering Engine (GRE) allows remote
attackers to corrupt memory and cause a denial of service (crash) via a
WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls
with arguments with inconsistent lengths.
| 554 | CVE-2006-0034 | 119 | | Exec Code Overflow | 2006-05-09 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in the
CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft
Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and
Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary
code via a long fifth argument to the BuildContextW or BuildContext
opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC
Invalid Memory Access Vulnerability.
| 555 | CVE-2006-0032 | 79 | | XSS | 2006-09-12 | 2019-04-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Indexing Service
in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option
is set to Auto Select, allows remote attackers to inject arbitrary web
script or HTML via a UTF-7 encoded URL, which is injected into an error
message whose charset is set to UTF-7.
| 556 | CVE-2006-0023 | 264 | | +Priv | 2006-02-07 | 2018-10-19 | 4.3 | User | Local | Low | Single system | Partial | Partial | Partial |
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly
other operating systems and versions, uses insecure default ACLs that
allow the Authenticated Users group to gain privileges by modifying
critical configuration information for the (1) Simple Service Discovery
Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3)
NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka
"Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP,
DnsCache already require privileged access to exploit.
| 557 | CVE-2006-0021 | 119 | | DoS Overflow | 2006-02-14 | 2018-10-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1,
allows remote attackers to cause a denial of service (hang) via an IGMP
packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| 558 | CVE-2006-0020 | 189 | | DoS Exec Code Overflow Mem. Corr. | 2006-01-10 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
An unspecified Microsoft WMF parsing application, as used in
Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows
Millennium, and possibly other versions, allows attackers to cause a
denial of service (crash) and possibly execute code via a crafted WMF
file with a manipulated WMF header size, possibly involving an integer
overflow, a different vulnerability than CVE-2005-4560, and aka "WMF
Image Parsing Memory Corruption Vulnerability."
| 559 | CVE-2006-0013 | | | Exec Code Overflow | 2006-02-14 | 2018-10-12 | 6.5 | User | Remote | Low | Single system | Partial | Partial | Partial |
Buffer overflow in the Web Client service (WebClnt.dll) for
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows
remote authenticated users or Guests to execute arbitrary code via
crafted RPC requests, a different vulnerability than CVE-2005-1207.
| 560 | CVE-2006-0012 | | | Exec Code | 2006-04-11 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
Unspecified vulnerability in Windows Explorer in Microsoft Windows
2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers
to execute arbitrary code via attack vectors involving COM objects and
"crafted files and directories," aka the "Windows Shell Vulnerability."
| 561 | CVE-2006-0010 | 119 | | Exec Code Overflow | 2006-01-10 | 2019-04-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows
2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and
Windows ME allows remote attackers to execute arbitrary code via an
e-mail message or web page with a crafted Embedded Open Type (EOT) web
font that triggers the overflow during decompression.
| 562 | CVE-2006-0008 | 264 | | +Priv | 2006-02-14 | 2018-10-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
The ShellAbout API call in Korean Input Method Editor (IME) in
Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003
up to SP1, and Office 2003, allows local users to gain privileges by
launching the "shell about dialog box" and clicking the "End-User
License Agreement" link, which executes Notepad with the privileges of
the program that displays the about box.
| 563 | CVE-2006-0006 | 119 | | Exec Code Overflow | 2006-02-14 | 2018-10-19 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
Heap-based buffer overflow in the bitmap processing routine in
Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9
on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2
allows remote attackers to execute arbitrary code via a crafted bitmap
(.BMP) file that specifies a size of 0 but contains additional data.
| 564 | CVE-2006-0005 | 119 | | Exec Code Overflow | 2006-02-14 | 2019-04-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
Buffer overflow in the plug-in for Microsoft Windows Media Player
(WMP) 9 and 10, when used in browsers other than Internet Explorer and
set as the default application to handle media files, allows remote
attackers to execute arbitrary code via HTML with an EMBED element
containing a long src attribute.
| 565 | CVE-2005-4717 | | | DoS | 2005-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows
2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1
allows remote attackers to cause a denial of service (client crash) via a
certain combination of a malformed HTML file and a CSS file that
triggers a null dereference, probably related to rendering of a DIV
element that contains a malformed IMG tag, as demonstrated by
IEcrash.htm and IEcrash.rar.
| 566 | CVE-2005-4697 | | | | 2005-12-31 | 2017-07-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Microsoft Wireless Zero Configuration system (WZCS) allows
local users to access WEP keys and pair-wise Master Keys (PMK) of the
WPA pre-shared key via certain calls to the WZCQueryInterface API
function in wzcsapi.dll.
| 567 | CVE-2005-4696 | | | | 2005-12-31 | 2017-10-04 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP
keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in
plaintext in memory of the explorer process, which allows attackers with
access to process memory to steal the keys and access the network.
| 568 | CVE-2005-4560 | 20 | | Exec Code | 2005-12-28 | 2018-10-19 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
The Windows Graphical Device Interface library (GDI32.DLL) in
Microsoft Windows allows remote attackers to execute arbitrary code via a
Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI
Escape function call, related to the Windows Picture and Fax Viewer
(SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and
CVE-2005-2124, and as originally discovered in the wild on
unionseek.com.
| 569 | CVE-2005-4269 | | | DoS | 2005-12-15 | 2008-09-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet
Explorer 6.0 SP1 allows attackers to cause a denial of service (access
violation) by causing mshtml.dll to process button-focus events at the
same time that a document is reloading, as seen in Microsoft Office
InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating
section in a form. NOTE: the normal operation of InfoPath appears to
involve a local user without any privilege boundaries, so this might not
be a vulnerability in InfoPath. If no realistic scenarios exist for
this problem in other products, then perhaps it should be excluded from
CVE.
| 570 | CVE-2005-3981 | | | | 2005-12-04 | 2019-04-30 | 4.9 | None | Local | Low | Not required | None | None | Complete |
** DISPUTED ** NOTE: this issue has been disputed by third
parties. Microsoft Windows XP, 2000, and 2003 allows local users to
kill a writable process by using the CreateRemoteThread function with
certain arguments on a process that has been opened using the
OpenProcess function, possibly involving an invalid address for the
start routine. NOTE: followup posts have disputed this issue, saying
that if a user already has privileges to write to a process, then other
functions could be called or the process could be terminated using
PROCESS_TERMINATE.
| 571 | CVE-2005-3644 | 399 | | DoS | 2005-11-17 | 2019-04-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft
Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier,
allows remote attackers to cause a denial of service (memory
consumption) via a DCE RPC request that specifies a large output buffer
size, a variant of CVE-2006-6296, and a different vulnerability than
CVE-2005-2120.
| 572 | CVE-2005-3595 | | | | 2005-11-16 | 2017-07-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
By default Microsoft Windows XP Home Edition installs with a blank
password for the Administrator account, which allows remote attackers
to gain control of the computer.
| 573 | CVE-2005-3177 | | | | 2005-10-06 | 2008-09-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4,
Windows XP, and Windows Server 2003, when running in fix mode, does not
properly handle security descriptors if the master file table contains a
large number of files or if the descriptors do not satisfy certain NTFS
conventions, which could cause ACLs for some files to be reverted to
less secure defaults, or cause security descriptors to be removed.
| 574 | CVE-2005-2765 | | | | 2005-09-01 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The user interface in the Windows Firewall does not properly
display certain malformed entries in the Windows Registry, which makes
it easier for attackers with administrator privileges to hide activities
if the administrator only uses the Windows Firewall interface to
monitor exceptions. NOTE: the vendor disputes this issue, saying that
since administrative privileges are already required, it is not a
vulnerability. CVE has not yet formally decided if such "information
hiding" issues should be included.
| 575 | CVE-2005-2388 | | | Exec Code Overflow | 2005-07-27 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
| 576 | CVE-2005-2307 | | | DoS | 2005-07-19 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
netman.dll in Microsoft Windows Connections Manager Library allows
local users to cause a denial of service (Network Connections Service
crash) via a large integer argument to a particular function, aka
"Network Connection Manager Vulnerability."
| 577 | CVE-2005-2126 | | | | 2005-10-21 | 2018-10-12 | 2.6 | None | Remote | High | Not required | None | Partial | None |
The FTP client in Windows XP SP1 and Server 2003, and Internet
Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP
Sites" is enabled and the user manually initiates a file transfer,
allows user-assisted, remote FTP servers to overwrite files in arbitrary
locations via crafted filenames.
| 578 | CVE-2005-2124 | | | Exec Code Overflow | 2005-11-29 | 2018-10-12 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete |
Unspecified vulnerability in the Graphics Rendering Engine
(GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1,
related to "An unchecked buffer" and possibly buffer overflows, allows
remote attackers to execute arbitrary code via a crafted Windows
Metafile (WMF) format image, aka "Windows Metafile Vulnerability."
| 579 | CVE-2005-2123 | | | Exec Code Overflow | 2005-11-29 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Multiple integer overflows in the Graphics Rendering Engine
(GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1
allow remote attackers to execute arbitrary code via crafted Windows
Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to
heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
| 580 | CVE-2005-2122 | | | Exec Code Overflow | 2005-10-21 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and
Server 2003 allows remote attackers to execute arbitrary commands via a
shortcut (.lnk) file with long font properties that lead to a buffer
overflow in the Client/Server Runtime Server Subsystem (CSRSS), a
different vulnerability than CVE-2005-2118.
| 581 | CVE-2005-2120 | | | Exec Code Overflow | 2005-10-13 | 2018-10-12 | 6.5 | User | Remote | Low | Single system | Partial | Partial | Partial |
Stack-based buffer overflow in the Plug and Play (PnP) service
(UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows
remote or local authenticated attackers to execute arbitrary code via a
large number of "\" (backslash) characters in a registry key name,
which triggers the overflow in a wsprintfW function call.
| 582 | CVE-2005-2119 | | | | 2005-10-12 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The MIDL_user_allocate function in the Microsoft Distributed
Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page
of memory regardless of the required size, which allows attackers to
overwrite arbitrary memory locations using an incorrect size value that
is provided to the NdrAllocate function, which writes management data to
memory outside of the allocated buffer.
| 583 | CVE-2005-2118 | | | Exec Code Overflow | 2005-10-21 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and
Server 2003 allows remote user-assisted attackers to execute arbitrary
commands via a crafted shortcut (.lnk) file with long font properties
that lead to a buffer overflow when the user views the file's properties
using Windows Explorer, a different vulnerability than CVE-2005-2122.
| 584 | CVE-2005-2117 | | | Exec Code | 2005-10-21 | 2018-10-12 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1
and SP2, and Server 2003 does not properly handle certain HTML
characters in preview fields, which allows remote user-assisted
attackers to execute arbitrary code.
| 585 | CVE-2005-1987 | | | Exec Code Overflow | 2005-10-13 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in Collaboration Data Objects (CDO), as used in
Microsoft Windows and Microsoft Exchange Server, allows remote attackers
to execute arbitrary code when CDOSYS or CDOEX processes an e-mail
message with a large header name, as demonstrated using the
"Content-Type" string.
| 586 | CVE-2005-1985 | | | Exec Code | 2005-10-13 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
The Client Service for NetWare (CSNW) on Microsoft Windows 2000
SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote
attackers to execute arbitrary code due to an "unchecked buffer" when
processing certain crafted network messages.
| 587 | CVE-2005-1984 | | | Exec Code Overflow | 2005-08-10 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in the Print Spooler service (Spoolsv.exe) for
Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows
remote attackers to execute arbitrary code via a malicious message.
| 588 | CVE-2005-1983 | | | Exec Code Overflow +Priv | 2005-08-10 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the Plug and Play (PnP) service for
Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote
attackers to execute arbitrary code via a crafted packet, and local
users to gain privileges via a malicious application, as exploited by
the Zotob (aka Mytob) worm.
| 589 | CVE-2005-1982 | | | +Info | 2005-08-10 | 2019-04-30 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows
2000, Windows XP, and Windows Server 2003 could allow a local user to
obtain information and spoof a server via a man-in-the-middle (MITM)
attack between a client and a domain controller when PKINIT smart card
authentication is being used.
| 590 | CVE-2005-1980 | | | DoS | 2005-10-12 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Distributed Transaction Controller in Microsoft Windows allows
remote servers to cause a denial of service (MSDTC service hang) via a
crafted Transaction Internet Protocol (TIP) message that causes DTC to
repeatedly connect to a target IP and port number after an error occurs,
aka the "Distributed TIP Vulnerability."
| 591 | CVE-2005-1979 | | | DoS | 2005-10-12 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Distributed Transaction Controller in Microsoft Windows allows
remote servers to cause a denial of service (MSDTC service exception and
exit) via an "unexpected protocol command during the reconnection
request," which is not properly handled by the Transaction Internet
Protocol (TIP) functionality.
| 592 | CVE-2005-1978 | | | Exec Code | 2005-10-12 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
COM+ in Microsoft Windows does not properly "create and use memory
structures," which allows local users or remote attackers to execute
arbitrary code.
| 593 | CVE-2005-1935 | | | Exec Code Overflow | 2005-06-13 | 2017-07-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in the BERDecBitString function in
Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute
arbitrary code via nested constructed bit strings, which leads to a
realloc of a non-null pointer and causes the function to overwrite
previously freed memory, as demonstrated using a SPNEGO token with a
constructed bit string during HTTP authentication, and a different
vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that
MS:MS04-007 fixes this issue.
| 594 | CVE-2005-1792 | | | DoS | 2005-06-01 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Memory leak in Windows Management Instrumentation (WMI) service
allows attackers to cause a denial of service (memory consumption and
crash) by creating security contexts more quickly than they can be
cleared from the RPC cache.
| 595 | CVE-2005-1649 | | | DoS | 2005-05-18 | 2017-01-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn,
with Windows Firewall turned off, allows remote attackers to cause a
denial of service (CPU consumption) via a TCP packet with the SYN flag
set and the same destination and source address and port, a variant of
CVE-2005-0688 and a reoccurrence of the "Land" vulnerability
(CVE-1999-0016).
| 596 | CVE-2005-1218 | | | DoS | 2005-08-10 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Microsoft Windows kernel in Microsoft Windows 2000 Server,
Windows XP, and Windows Server 2003 allows remote attackers to cause a
denial of service (crash) via crafted Remote Desktop Protocol (RDP)
requests.
| 597 | CVE-2005-1214 | | | Exec Code | 2005-06-14 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial |
Microsoft Agent allows remote attackers to spoof trusted Internet
content and execute arbitrary code by disguising security prompts on a
malicious Web page.
| 598 | CVE-2005-1212 | | | Exec Code Overflow | 2005-06-14 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in Microsoft Step-by-Step Interactive Training
(orun32.exe) allows remote attackers to execute arbitrary code via a
bookmark link file (.cbo, .cbl, or .cbm extension) with a long User
field.
| 599 | CVE-2005-1208 | | | Exec Code Overflow | 2005-06-14 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and
earlier, and Server 2003 SP1 and earlier allows remote attackers to
execute arbitrary code via a crafted compiled Help (.CHM) file with a
large size field that triggers a heap-based buffer overflow, as
demonstrated using a "ms-its:" URL in Internet Explorer.
| 600 | CVE-2005-1207 | | | Exec Code Overflow | 2005-06-14 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
Buffer overflow in the Web Client service in Microsoft Windows XP
and Windows Server 2003 allows remote authenticated users to execute
arbitrary code via a crafted WebDAV request containing special
parameters.