| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 601 | CVE-2005-1206 | | | Exec Code Overflow | 2005-06-14 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability." |
| 602 | CVE-2005-1184 | | | DoS | 2005-05-02 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. |
| 603 | CVE-2005-0954 | | | DoS | 2005-05-02 | 2017-07-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Windows Explorer and Internet Explorer in Windows 2000 SP1 allow remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. |
| 604 | CVE-2005-0904 | 20 | | | 2005-05-02 | 2017-07-10 | 2.1 | None | Local | Low | Not required | None | None | Partial | Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe. |
| 605 | CVE-2005-0852 | | | DoS | 2005-05-02 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | None | Partial | Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3. |
| 606 | CVE-2005-0688 | | | DoS | 2005-03-05 | 2018-10-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). |
| 607 | CVE-2005-0551 | | | Overflow +Priv | 2005-05-02 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. |
| 608 | CVE-2005-0550 | | | DoS Overflow | 2005-05-02 | 2018-10-12 | 2.1 | None | Local | Low | Not required | None | None | Partial | Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability". |
| 609 | CVE-2005-0545 | | | Bypass | 2005-05-02 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post. |
| 610 | CVE-2005-0416 | | | Exec Code Overflow | 2005-04-27 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. |
| 611 | CVE-2005-0356 | | | DoS | 2005-05-31 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. |
| 612 | CVE-2005-0063 | | | Exec Code | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. |
| 613 | CVE-2005-0061 | | | +Priv | 2005-05-02 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests. |
| 614 | CVE-2005-0060 | | | Overflow +Priv | 2005-05-02 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application. |
| 615 | CVE-2005-0059 | | | Exec Code Overflow | 2005-05-02 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message. |
| 616 | CVE-2005-0058 | | | Exec Code Overflow | 2005-08-10 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message. |
| 617 | CVE-2005-0057 | | | Exec Code Overflow | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow. |
| 618 | CVE-2005-0053 | | | Exec Code | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability." |
| 619 | CVE-2005-0051 | | | +Info | 2005-05-02 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability." |
| 620 | CVE-2005-0048 | | | DoS Exec Code | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability." |
| 621 | CVE-2005-0047 | | | Exec Code | 2005-05-02 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Windows 2000, XP, and Server 2003 do not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." |
| 622 | CVE-2005-0045 | | | Exec Code | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. |
| 623 | CVE-2005-0044 | | | Exec Code | 2005-05-02 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." |
| 624 | CVE-2004-2527 | | | DoS | 2004-12-31 | 2017-07-10 | 5.4 | None | Remote | High | Not required | None | None | Complete | The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. |
| 625 | CVE-2004-2365 | | | DoS | 2004-12-31 | 2017-07-10 | 2.1 | None | Local | Low | Not required | None | None | Partial | Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. |
| 626 | CVE-2004-2339 | | | Exec Code | 2004-12-31 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed. |
| 627 | CVE-2004-2307 | | | DoS | 2004-12-31 | 2017-07-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A. |
| 628 | CVE-2004-2290 | | | Exec Code | 2004-12-31 | 2017-07-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Microsoft Windows XP Explorer allows attackers to execute arbitrary code via HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. |
| 629 | CVE-2004-2289 | | | Exec Code | 2004-12-31 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file. |
| 630 | CVE-2004-2176 | | | Bypass | 2004-12-31 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls. |
| 631 | CVE-2004-1623 | | | DoS | 2004-10-22 | 2017-07-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. |
| 632 | CVE-2004-1361 | | | Exec Code Overflow | 2004-12-23 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow. |
| 633 | CVE-2004-1319 | | | | 2004-12-15 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. |
| 634 | CVE-2004-1306 | | | Exec Code Overflow | 2004-12-31 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file. |
| 635 | CVE-2004-1305 | | | DoS | 2004-12-23 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. |
| 636 | CVE-2004-1049 | | | Exec Code Overflow | 2004-12-31 | 2018-10-12 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." |
| 637 | CVE-2004-1043 | | | Exec Code | 2004-12-31 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting JavaScript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability." |
| 638 | CVE-2004-0979 | | | | 2004-12-31 | 2018-10-12 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. |
| 639 | CVE-2004-0901 | | | Exec Code | 2005-01-10 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. |
| 640 | CVE-2004-0897 | | | Exec Code Overflow | 2005-01-11 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. |
| 641 | CVE-2004-0894 | | | +Priv | 2005-01-10 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. |
| 642 | CVE-2004-0893 | | | +Priv | 2005-01-10 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." |
| 643 | CVE-2004-0840 | | | Exec Code | 2004-11-03 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. |
| 644 | CVE-2004-0839 | | | | 2004-08-18 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". |
| 645 | CVE-2004-0790 | | | DoS | 2005-04-12 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
| 646 | CVE-2004-0575 | | | Exec Code Overflow | 2004-11-03 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation. |
| 647 | CVE-2004-0571 | | | Exec Code | 2005-01-10 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. |
| 648 | CVE-2004-0568 | | | Exec Code Overflow | 2005-01-10 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. |
| 649 | CVE-2004-0474 | | | | 2004-07-07 | 2017-07-10 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue. |
| 650 | CVE-2004-0214 | | | DoS Exec Code Overflow | 2004-11-03 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. |