Page 3 of 15Windows Xp Security Vulnerabilities
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2012-2897 |
119 |
|
Exec Code Overflow |
2012-09-26 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2,
and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and
Windows RT, as used by Google Chrome before 22.0.1229.79 and other
programs, do not properly handle objects in memory, which allows remote
attackers to execute arbitrary code via a crafted TrueType font file,
aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing
Vulnerability." |
|
102 |
CVE-2012-2556 |
94 |
|
Exec Code |
2012-12-11 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The OpenType Font (OTF) driver in the kernel-mode drivers in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1,
Windows 8, Windows Server 2012, and Windows RT allows remote attackers
to execute arbitrary code via a crafted OpenType font file, aka
"OpenType Font Parsing Vulnerability." |
|
103 |
CVE-2012-2553 |
399 |
|
+Priv |
2012-11-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows
Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application, aka "Win32k
Use After Free Vulnerability." |
|
104 |
CVE-2012-2530 |
399 |
|
+Priv |
2012-11-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7
Gold and SP1 allows local users to gain privileges via a crafted
application, aka "Win32k Use After Free Vulnerability." |
|
105 |
CVE-2012-2529 |
189 |
|
Overflow +Priv |
2012-10-09 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the kernel in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to
gain privileges via a crafted application that leverages improper
handling of objects in memory, aka "Windows Kernel Integer Overflow
Vulnerability." |
|
106 |
CVE-2012-2527 |
399 |
|
+Priv |
2012-08-14 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7
Gold and SP1 allows local users to gain privileges via a crafted
application, aka "Win32k Use After Free Vulnerability." |
|
107 |
CVE-2012-2526 |
94 |
|
Exec Code |
2012-08-14 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows XP SP3 does not properly process packets in memory, which allows
remote attackers to execute arbitrary code by sending crafted RDP
packets triggering access to a deleted object, aka "Remote Desktop
Protocol Vulnerability." |
|
108 |
CVE-2012-1893 |
20 |
|
+Priv |
2012-07-10 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
validate callback parameters during creation of a hook procedure, which
allows local users to gain privileges via a crafted application, aka
"Win32k Incorrect Type Handling Vulnerability." |
|
109 |
CVE-2012-1890 |
20 |
|
+Priv |
2012-07-10 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle keyboard-layout files, which allows local users to gain
privileges via a crafted application, aka "Keyboard Layout
Vulnerability." |
|
110 |
CVE-2012-1870 |
200 |
|
+Info |
2012-07-10 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The CBC mode in the TLS protocol, as used in Microsoft Windows XP
SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server
2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products,
allows remote web servers to obtain plaintext data by triggering
multiple requests to a third-party HTTPS server and sniffing the network
during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
|
|
111 |
CVE-2012-1868 |
362 |
|
+Priv |
2012-06-12 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the thread-creation implementation in win32k.sys
in the kernel-mode drivers in Microsoft Windows XP SP3 allows local
users to gain privileges via a crafted application, aka "Win32k.sys Race
Condition Vulnerability." |
|
112 |
CVE-2012-1867 |
399 |
|
Overflow +Priv |
2012-06-12 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in win32k.sys in the kernel-mode drivers in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and
SP1 allows local users to gain privileges via a crafted TrueType font
file that triggers incorrect memory allocation, aka "Font Resource
Refcount Integer Overflow Vulnerability." |
|
113 |
CVE-2012-1866 |
20 |
|
+Priv |
2012-06-12 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle user-mode input passed to kernel mode for driver objects, which
allows local users to gain privileges via a crafted application, aka
"Clipboard Format Atom Name Handling Vulnerability." |
|
114 |
CVE-2012-1865 |
20 |
|
+Priv |
2012-06-12 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle user-mode input passed to kernel mode for driver objects, which
allows local users to gain privileges via a crafted application, aka
"String Atom Class Name Handling Vulnerability," a different
vulnerability than CVE-2012-1864. |
|
115 |
CVE-2012-1864 |
20 |
|
+Priv |
2012-06-12 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle user-mode input passed to kernel mode for driver objects, which
allows local users to gain privileges via a crafted application, aka
"String Atom Class Name Handling Vulnerability," a different
vulnerability than CVE-2012-1865. |
|
116 |
CVE-2012-1853 |
119 |
|
Exec Code Overflow |
2012-08-14 |
2018-10-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the Remote Administration Protocol
(RAP) implementation in the LanmanWorkstation service in Microsoft
Windows XP SP3 allows remote attackers to execute arbitrary code via
crafted RAP response packets, aka "Remote Administration Protocol Stack
Overflow Vulnerability." |
|
117 |
CVE-2012-1852 |
119 |
|
Exec Code Overflow |
2012-08-14 |
2018-10-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the Remote Administration Protocol
(RAP) implementation in the LanmanWorkstation service in Microsoft
Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code
via crafted RAP response packets, aka "Remote Administration Protocol
Heap Overflow Vulnerability." |
|
118 |
CVE-2012-1851 |
134 |
|
Exec Code |
2012-08-14 |
2018-10-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the Print Spooler service in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and
SP1 allows remote attackers to execute arbitrary code via a crafted
response, aka "Print Spooler Service Format String Vulnerability." |
|
119 |
CVE-2012-1850 |
20 |
|
DoS |
2012-08-14 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Remote Administration Protocol (RAP) implementation in the
LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows
Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses,
which allows remote attackers to cause a denial of service (service
hang) via crafted RAP packets, aka "Remote Administration Protocol
Denial of Service Vulnerability." |
|
120 |
CVE-2012-1848 |
20 |
|
+Priv |
2012-05-08 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer
Preview does not properly handle user-mode input passed to kernel mode,
which allows local users to gain privileges via a crafted application,
aka "Scrollbar Calculation Vulnerability." |
|
121 |
CVE-2012-1528 |
189 |
|
Overflow +Priv |
2012-11-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows
Server 2012 allows local users to gain privileges via a crafted
briefcase, aka "Windows Briefcase Integer Overflow Vulnerability." |
|
122 |
CVE-2012-1527 |
189 |
|
+Priv |
2012-11-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer underflow in Windows Shell in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows
Server 2012 allows local users to gain privileges via a crafted
briefcase, aka "Windows Briefcase Integer Underflow Vulnerability." |
|
123 |
CVE-2012-0217 |
119 |
|
Overflow +Priv |
2012-06-12 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The x86-64 kernel system-call functionality in Xen 4.1.2 and
earlier, as used in Citrix XenServer 6.0.2 and earlier and other
products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent
SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD
6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and
Windows 7 Gold and SP1; and possibly other operating systems, when
running on an Intel processor, incorrectly uses the sysret path in cases
where a certain address is not a canonical address, which allows local
users to gain privileges via a crafted application. NOTE: because this
issue is due to incorrect use of the Intel specification, it should have
been split into separate identifiers; however, there was some value in
preserving the original mapping of the multi-codebase
coordinated-disclosure effort to a single identifier. |
|
124 |
CVE-2012-0181 |
264 |
|
+Priv |
2012-05-08 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer
Preview does not properly manage Keyboard Layout files, which allows
local users to gain privileges via a crafted application, aka "Keyboard
Layout File Vulnerability." |
|
125 |
CVE-2012-0180 |
20 |
|
+Priv |
2012-05-08 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer
Preview does not properly handle user-mode input passed to kernel mode
for (1) windows and (2) messages, which allows local users to gain
privileges via a crafted application, aka "Windows and Messages
Vulnerability." |
|
126 |
CVE-2012-0175 |
94 |
|
Exec Code |
2012-07-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003
SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and
Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
via a crafted name for a (1) file or (2) directory, aka "Command
Injection Vulnerability." |
|
127 |
CVE-2012-0173 |
94 |
|
Exec Code |
2012-06-12 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does
not properly process packets in memory, which allows remote attackers
to execute arbitrary code by sending crafted RDP packets triggering
access to an object that (1) was not properly initialized or (2) is
deleted, aka "Remote Desktop Protocol Vulnerability," a different
vulnerability than CVE-2012-0002. |
|
128 |
CVE-2012-0159 |
399 |
|
Exec Code |
2012-05-08 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows
Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and
SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3,
and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5
before 5.1.10411 allow remote attackers to execute arbitrary code via a
crafted TrueType font (TTF) file, aka "TrueType Font Parsing
Vulnerability." |
|
129 |
CVE-2012-0157 |
20 |
|
+Priv |
2012-03-13 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle window messaging, which allows local users to gain privileges via
a crafted application that calls the PostMessage function, aka
"PostMessage Function Vulnerability." |
|
130 |
CVE-2012-0154 |
399 |
|
+Priv |
2012-02-14 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7
Gold and SP1 allows local users to gain privileges via a crafted
application that triggers keyboard layout errors, aka "Keyboard Layout
Use After Free Vulnerability." |
|
131 |
CVE-2012-0151 |
20 |
|
Exec Code |
2012-04-10 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Authenticode Signature Verification function in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and
Windows 8 Consumer Preview does not properly validate the digest of a
signed portable executable (PE) file, which allows user-assisted remote
attackers to execute arbitrary code via a modified file with additional
content, aka "WinVerifyTrust Signature Validation Vulnerability." |
|
132 |
CVE-2012-0148 |
20 |
|
+Priv |
2012-02-14 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
afd.sys in the Ancillary Function Driver in Microsoft Windows XP
SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does
not properly validate user-mode input passed to kernel mode, which
allows local users to gain privileges via a crafted application, aka
"AfdPoll Elevation of Privilege Vulnerability." |
|
133 |
CVE-2012-0013 |
|
|
Exec Code |
2012-01-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Incomplete blacklist vulnerability in the Windows Packager
configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003
SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and
Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
via a crafted ClickOnce application in a Microsoft Office document,
related to .application files, aka "Assembly Execution Vulnerability."
|
|
134 |
CVE-2012-0009 |
|
|
+Priv |
2012-01-10 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the Windows Object Packager
configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2
allows local users to gain privileges via a Trojan horse executable file
in the current working directory, as demonstrated by a directory that
contains a file with an embedded packaged object, aka "Object Packager
Insecure Executable Launching Vulnerability." |
|
135 |
CVE-2012-0005 |
264 |
|
+Priv |
2012-01-10 |
2018-10-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32
subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista
SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system
locale is used, can access uninitialized memory during the processing of
Unicode characters, which allows local users to gain privileges via a
crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
|
|
136 |
CVE-2012-0004 |
|
|
Exec Code |
2012-01-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in DirectShow in DirectX in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
allows remote attackers to execute arbitrary code via a crafted media
file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21
DirectShow filter, aka "DirectShow Remote Code Execution
Vulnerability." |
|
137 |
CVE-2012-0003 |
|
|
Exec Code |
2012-01-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in winmm.dll in Windows Multimedia
Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and
SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote
attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI
Remote Code Execution Vulnerability." |
|
138 |
CVE-2012-0002 |
94 |
|
Exec Code |
2012-03-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does
not properly process packets in memory, which allows remote attackers
to execute arbitrary code by sending crafted RDP packets triggering
access to an object that (1) was not properly initialized or (2) is
deleted, aka "Remote Desktop Protocol Vulnerability." |
|
139 |
CVE-2012-0001 |
|
|
Bypass |
2012-01-10 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2,
Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7
Gold and SP1 does not properly load structured exception handling
tables, which allows context-dependent attackers to bypass the SafeSEH
security feature by leveraging a Visual C++ .NET 2003 application, aka
"Windows Kernel SafeSEH Bypass Vulnerability." |
|
140 |
CVE-2011-5046 |
20 |
1
|
DoS Exec Code Mem. Corr. |
2011-12-30 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Graphics Device Interface (GDI) in win32k.sys in the
kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
and Windows 7 Gold and SP1 does not properly validate user-mode input,
which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption) via crafted data, as demonstrated
by a large height attribute of an IFRAME element rendered by Safari, aka
"GDI Access Violation Vulnerability." |
|
141 |
CVE-2011-3417 |
264 |
|
|
2011-12-29 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Forms Authentication feature in the ASP.NET subsystem in
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when
sliding expiry is enabled, does not properly handle cached content,
which allows remote attackers to obtain access to arbitrary user
accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket
Caching Vulnerability." |
|
142 |
CVE-2011-3416 |
264 |
|
Bypass |
2011-12-29 |
2018-10-30 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
The Forms Authentication feature in the ASP.NET subsystem in
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0
allows remote authenticated users to obtain access to arbitrary user
accounts via a crafted username, aka "ASP.Net Forms Authentication
Bypass Vulnerability." |
|
143 |
CVE-2011-3415 |
20 |
|
|
2011-12-29 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Open redirect vulnerability in the Forms Authentication feature in
the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1,
3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary
web sites and conduct phishing attacks via a crafted return URL, aka
"Insecure Redirect in .NET Form Authentication Vulnerability." |
|
144 |
CVE-2011-3414 |
399 |
|
DoS |
2011-12-29 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The CaseInsensitiveHashProvider.getHashCode function in the
HashTable implementation in the ASP.NET subsystem in Microsoft .NET
Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values
for form parameters without restricting the ability to trigger hash
collisions predictably, which allows remote attackers to cause a denial
of service (CPU consumption) by sending many crafted parameters, aka
"Collisions in HashTable May Cause DoS Vulnerability." |
|
145 |
CVE-2011-3408 |
264 |
|
+Priv |
2011-12-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in
the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
and Windows 7 Gold and SP1 does not properly check permissions for
sending inter-process device-event messages from low-integrity processes
to high-integrity processes, which allows local users to gain
privileges via a crafted application, aka "CSRSS Local Privilege
Elevation Vulnerability." |
|
146 |
CVE-2011-3406 |
119 |
|
Exec Code Overflow |
2011-12-13 |
2018-10-30 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Buffer overflow in Active Directory, Active Directory Application
Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS)
in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows
Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold
and SP1 allows remote authenticated users to execute arbitrary code via a
crafted query that leverages incorrect memory initialization, aka
"Active Directory Buffer Overflow Vulnerability." |
|
147 |
CVE-2011-3402 |
|
|
Exec Code |
2011-11-04 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the TrueType font parsing engine in
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers
to execute arbitrary code via crafted font data in a Word document or
web page, as exploited in the wild in November 2011 by Duqu, aka
"TrueType Font Parsing Vulnerability." |
|
148 |
CVE-2011-3401 |
94 |
|
Exec Code Mem. Corr. |
2011-12-13 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft
Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1
allows remote attackers to execute arbitrary code via a crafted .dvr-ms
file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
|
|
149 |
CVE-2011-3400 |
94 |
|
Exec Code |
2011-12-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not
properly handle OLE objects in memory, which allows remote attackers to
execute arbitrary code via a crafted object in a file, aka "OLE Property
Vulnerability." |
|
150 |
CVE-2011-3397 |
94 |
|
Exec Code |
2011-12-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP
SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute
arbitrary code via a crafted web site that leverages an unspecified
"binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code
Execution Vulnerability." |
|
|
