Page 4 of 15Windows Xp Security Vulnerabilities
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
151 |
CVE-2011-2600 |
264 |
|
DoS |
2011-06-30 |
2011-07-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The GPU support functionality in Windows XP does not properly
restrict rendering time, which allows remote attackers to cause a denial
of service (system crash) via vectors involving WebGL and (1) shader
programs or (2) complex 3D geometry, as demonstrated by using Mozilla
Firefox or Google Chrome to visit the lots-of-polys-example.html test
page in the Khronos WebGL SDK. |
|
152 |
CVE-2011-2018 |
264 |
|
+Priv |
2011-12-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold
and SP1 does not properly initialize objects, which allows local users
to gain privileges via a crafted application, aka "Windows Kernel
Exception Handler Vulnerability." |
|
153 |
CVE-2011-2014 |
287 |
|
Bypass |
2011-11-08 |
2018-10-30 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
The LDAP over SSL (aka LDAPS) implementation in Active Directory,
Active Directory Application Mode (ADAM), and Active Directory
Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and
SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine
Certificate Revocation Lists (CRLs), which allows remote authenticated
users to bypass intended certificate restrictions and access Active
Directory resources by leveraging a revoked X.509 certificate for a
domain account, aka "LDAPS Authentication Bypass Vulnerability." |
|
154 |
CVE-2011-2011 |
399 |
|
+Priv |
2011-10-11 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7
Gold and SP1 allows local users to gain privileges via a crafted
application that leverages incorrect driver object management, aka
"Win32k Use After Free Vulnerability." |
|
155 |
CVE-2011-2005 |
264 |
|
+Priv |
2011-10-11 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
afd.sys in the Ancillary Function Driver in Microsoft Windows XP
SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode
input passed to kernel mode, which allows local users to gain privileges
via a crafted application, aka "Ancillary Function Driver Elevation of
Privilege Vulnerability." |
|
156 |
CVE-2011-2003 |
119 |
|
Exec Code Overflow |
2011-10-11 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in win32k.sys in the kernel-mode drivers in
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and
SP1 allows remote attackers to execute arbitrary code via a crafted .fon
file, aka "Font Library File Buffer Overrun Vulnerability." |
|
157 |
CVE-2011-1991 |
|
|
+Priv |
2011-09-15 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple untrusted search path vulnerabilities in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2,
Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
allow local users to gain privileges via a Trojan horse DLL in the
current working directory, as demonstrated by a directory that contains a
.doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display
Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder
Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor
(IME), and (6) Microsoft Management Console (MMC), aka "Windows
Components Insecure Library Loading Vulnerability." |
|
158 |
CVE-2011-1985 |
|
|
DoS +Priv |
2011-10-11 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008
SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
validate user-mode input, which allows local users to gain privileges or
cause a denial of service (NULL pointer dereference and system crash)
via a crafted application, aka "Win32k Null Pointer De-reference
Vulnerability." |
|
159 |
CVE-2011-1974 |
264 |
|
+Priv |
2011-08-10 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS)
in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does
not properly validate user-mode input, which allows local users to gain
privileges via a crafted application, aka "NDISTAPI Elevation of
Privilege Vulnerability." |
|
160 |
CVE-2011-1968 |
399 |
|
DoS |
2011-08-10 |
2018-10-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly
process packets in memory, which allows remote attackers to cause a
denial of service (reboot) by sending crafted RDP packets triggering
access to an object that (1) was not properly initialized or (2) is
deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol
Vulnerability." |
|
161 |
CVE-2011-1967 |
264 |
|
+Priv |
2011-08-10 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in
the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1,
and Windows 7 Gold and SP1 does not properly check permissions for
sending inter-process device-event messages from low-integrity processes
to high-integrity processes, which allows local users to gain
privileges via a crafted application, aka "CSRSS Vulnerability." |
|
162 |
CVE-2011-1894 |
79 |
|
XSS |
2011-06-16 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008
Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly
handle a MIME format in a request for embedded content in an HTML
document, which allows remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted EMBED element in a web page that is visited
in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
|
|
163 |
CVE-2011-1886 |
|
|
|
2011-07-13 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3
does not properly validate the arguments to functions, which allows
local users to read arbitrary data from kernel memory via a crafted
application that triggers a NULL pointer dereference, aka "Win32k
Incorrect Parameter Validation Allows Information Disclosure
Vulnerability." |
|
164 |
CVE-2011-1885 |
|
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other CVEs
listed in MS11-054, aka "Win32k Null Pointer De-reference
Vulnerability." |
|
165 |
CVE-2011-1884 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
166 |
CVE-2011-1883 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
167 |
CVE-2011-1882 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
168 |
CVE-2011-1881 |
|
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other CVEs
listed in MS11-054, aka "Win32k Null Pointer De-reference
Vulnerability." |
|
169 |
CVE-2011-1880 |
|
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other CVEs
listed in MS11-054, aka "Win32k Null Pointer De-reference
Vulnerability." |
|
170 |
CVE-2011-1879 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
171 |
CVE-2011-1878 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
172 |
CVE-2011-1876 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
173 |
CVE-2011-1875 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
174 |
CVE-2011-1874 |
399 |
|
+Priv |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other CVEs listed in
MS11-054, aka "Win32k Use After Free Vulnerability." |
|
175 |
CVE-2011-1873 |
20 |
|
Exec Code |
2011-06-16 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2,
Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008
Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit
platforms does not properly validate pointers during the parsing of
OpenType (aka OTF) fonts, which allows remote attackers to execute
arbitrary code via a crafted font file, aka "Win32k OTF Validation
Vulnerability." |
|
176 |
CVE-2011-1870 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Client/Server Run-time Subsystem (aka
CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and
Windows Server 2003 SP2, allows local users to gain privileges or cause a
denial of service (memory corruption) via a crafted application that
triggers an incorrect memory assignment for a user transaction, aka
"CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability." |
|
177 |
CVE-2011-1869 |
399 |
|
DoS |
2011-06-16 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Distributed File System (DFS) implementation in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and
SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold
and SP1 allows remote DFS servers to cause a denial of service (system
hang) via a crafted referral response, aka "DFS Referral Response
Vulnerability." |
|
178 |
CVE-2011-1868 |
119 |
|
Exec Code Overflow Mem. Corr. |
2011-06-16 |
2018-10-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Distributed File System (DFS) implementation in Microsoft
Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate
fields in DFS responses, which allows remote DFS servers to execute
arbitrary code via a crafted response, aka "DFS Memory Corruption
Vulnerability." |
|
179 |
CVE-2011-1284 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Client/Server Run-time Subsystem (aka
CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3,
Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008
Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users
to gain privileges or cause a denial of service (memory corruption) via
a crafted application that triggers an incorrect memory assignment for a
user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput
Vulnerability." |
|
180 |
CVE-2011-1283 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32
subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not
ensure that an unspecified array index has a non-negative value before
performing read and write operations, which allows local users to gain
privileges or cause a denial of service (memory corruption) via a
crafted application that triggers an incorrect memory assignment for a
user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand
Vulnerability." |
|
181 |
CVE-2011-1282 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32
subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 does not properly initialize memory and
consequently uses a NULL pointer in an unspecified function call, which
allows local users to gain privileges or cause a denial of service
(memory corruption) via a crafted application that triggers an incorrect
memory assignment for a user transaction, aka "CSRSS Local EOP
SrvSetConsoleLocalEUDC Vulnerability." |
|
182 |
CVE-2011-1281 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2011-07-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32
subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 does not properly restrict the number of
console objects for a process, which allows local users to gain
privileges or cause a denial of service (memory corruption) via a
crafted application that triggers an incorrect memory assignment for a
user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability." |
|
183 |
CVE-2011-1268 |
20 |
|
Exec Code |
2011-06-16 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server
2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2,
and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to
execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response,
aka "SMB Response Parsing Vulnerability." |
|
184 |
CVE-2011-1249 |
264 |
|
+Priv |
2011-06-16 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Ancillary Function Driver (AFD) in afd.sys in Microsoft
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and
SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold
and SP1 does not properly validate user-mode input, which allows local
users to gain privileges via a crafted application, aka "Ancillary
Function Driver Elevation of Privilege Vulnerability." |
|
185 |
CVE-2011-1247 |
|
|
+Priv |
2011-10-11 |
2018-10-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the Microsoft Active
Accessibility component in Microsoft Windows XP SP2 and SP3, Windows
Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a Trojan horse DLL in the current working directory, aka "Active
Accessibility Insecure Library Loading Vulnerability." |
|
186 |
CVE-2011-1243 |
119 |
|
Exec Code Overflow |
2011-04-13 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Windows Messenger ActiveX control in msgsc.dll in Microsoft
Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code
via unspecified vectors that "corrupt the system state," aka "Microsoft
Windows Messenger ActiveX Control Vulnerability." |
|
187 |
CVE-2011-1242 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
188 |
CVE-2011-1241 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
189 |
CVE-2011-1240 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
190 |
CVE-2011-1239 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
191 |
CVE-2011-1238 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
192 |
CVE-2011-1237 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
193 |
CVE-2011-1236 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
194 |
CVE-2011-1235 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
195 |
CVE-2011-1234 |
399 |
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2
SP1, and Windows 7 Gold and SP1 allows local users to gain privileges
via a crafted application that leverages incorrect driver object
management, a different vulnerability than other "Vulnerability Type 1"
CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." |
|
196 |
CVE-2011-1233 |
|
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other
"Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer
De-reference Vulnerability." |
|
197 |
CVE-2011-1232 |
|
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other
"Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer
De-reference Vulnerability." |
|
198 |
CVE-2011-1231 |
|
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other
"Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer
De-reference Vulnerability." |
|
199 |
CVE-2011-1230 |
|
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other
"Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer
De-reference Vulnerability." |
|
200 |
CVE-2011-1229 |
|
|
+Priv |
2011-04-13 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows
local users to gain privileges via a crafted application that triggers a
NULL pointer dereference, a different vulnerability than other
"Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer
De-reference Vulnerability." |
|
|
