Windows XP Security Vulnerabilities (page 6 of 15)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|--------|--------|---------------|-----------------------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------------|
| 251 | CVE-2010-3940 | 399 | | +Priv | 2010-12-16 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability." |
| 252 | CVE-2010-3939 | 119 | | Overflow +Priv | 2010-12-16 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability." |
| 253 | CVE-2010-3227 | 119 | 1 | Exec Code Overflow | 2010-10-26 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability." |
| 254 | CVE-2010-3222 | 119 | | Overflow +Priv | 2010-10-13 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability." |
| 255 | CVE-2010-3147 | | 1 | +Priv | 2010-08-27 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143. |
| 256 | CVE-2010-3144 | | 1 | +Priv | 2010-08-27 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability." |
| 257 | CVE-2010-3140 | | 1 | Exec Code | 2010-08-27 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file. |
| 258 | CVE-2010-3138 | | 2 | +Priv | 2010-08-27 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information. |
| 259 | CVE-2010-2746 | 119 | | Exec Code Overflow | 2010-10-13 | 2018-10-30 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." |
| 260 | CVE-2010-2744 | 264 | 1 | +Priv | 2010-10-13 | 2018-10-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability." |
| 261 | CVE-2010-2743 | | | +Priv | 2011-01-20 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889. |
| 262 | CVE-2010-2741 | 264 | | +Priv | 2010-10-13 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability." |
| 263 | CVE-2010-2740 | 264 | | +Priv | 2010-10-13 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability." |
| 264 | CVE-2010-2739 | 119 | | DoS Exec Code Overflow | 2010-09-07 | 2010-09-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors. |
| 265 | CVE-2010-2738 | 20 | | Exec Code Mem. Corr. | 2010-09-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." |
| 266 | CVE-2010-2729 | 20 | | Exec Code | 2010-09-15 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability." |
| 267 | CVE-2010-2568 | 20 | | Exec Code | 2010-07-22 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. |
| 268 | CVE-2010-2567 | 94 | | Exec Code Mem. Corr. | 2010-09-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability." |
| 269 | CVE-2010-2566 | 20 | | Exec Code | 2010-08-11 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability." |
| 270 | CVE-2010-2563 | 94 | | Exec Code Mem. Corr. | 2010-09-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability." |
| 271 | CVE-2010-2553 | 94 | | Exec Code | 2010-08-11 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability." |
| 272 | CVE-2010-2550 | 20 | | Exec Code Overflow | 2010-08-11 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability." |
| 273 | CVE-2010-2265 | 79 | | Exec Code XSS | 2010-06-15 | 2018-10-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction. |
| 274 | CVE-2010-1897 | 20 | | +Priv | 2010-08-11 | 2018-10-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability." |
| 275 | CVE-2010-1896 | 20 | | +Priv | 2010-08-11 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability." |
| 276 | CVE-2010-1895 | 264 | | Overflow +Priv | 2010-08-11 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability." |
| 277 | CVE-2010-1894 | 264 | | +Priv | 2010-08-11 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability." |
| 278 | CVE-2010-1891 | 264 | | +Priv | 2010-09-15 | 2018-10-12 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." |
| 279 | CVE-2010-1888 | 362 | | +Priv | 2010-08-11 | 2018-10-12 | 6.8 | Admin | Local | Low | Single system | Complete | Complete | Complete | Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability." |
| 280 | CVE-2010-1887 | 20 | | DoS | 2010-08-11 | 2018-10-30 | 4.4 | None | Local | Medium | Single system | None | None | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability." |
| 281 | CVE-2010-1886 | 264 | | +Priv | 2010-08-16 | 2018-10-30 | 6.8 | None | Local | Low | Single system | Complete | Complete | Complete | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary." |
| 282 | CVE-2010-1885 | 78 | 1 | Exec Code Bypass | 2010-06-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability." |
| 283 | CVE-2010-1883 | 189 | | Exec Code Overflow | 2010-10-13 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." |
| 284 | CVE-2010-1882 | 119 | | Exec Code Overflow | 2010-08-11 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability." |
| 285 | CVE-2010-1735 | 20 | | DoS | 2010-05-06 | 2019-04-30 | 4.9 | None | Local | Low | Not required | None | None | Complete | The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
| 286 | CVE-2010-1734 | 20 | | DoS | 2010-05-06 | 2019-04-30 | 4.9 | None | Local | Low | Not required | None | None | Complete | The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
| 287 | CVE-2010-1690 | 20 | | | 2010-05-07 | 2018-10-30 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. |
| 288 | CVE-2010-1689 | 310 | | | 2010-05-07 | 2018-10-30 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. |
| 289 | CVE-2010-1255 | 94 | | Exec Code | 2010-06-08 | 2018-10-30 | 6.8 | Admin | Local | Low | Single system | Complete | Complete | Complete | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability." |
| 290 | CVE-2010-1098 | 399 | | DoS | 2010-03-24 | 2017-08-16 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. |
| 291 | CVE-2010-0917 | 119 | | Exec Code Overflow | 2010-03-03 | 2017-08-16 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. |
| 292 | CVE-2010-0820 | 119 | | Exec Code Overflow | 2010-09-15 | 2018-10-30 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability." |
| 293 | CVE-2010-0819 | 20 | | Exec Code Mem. Corr. | 2010-06-08 | 2018-10-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability." |
| 294 | CVE-2010-0818 | 94 | | Exec Code | 2010-09-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability." |
| 295 | CVE-2010-0812 | 264 | | Bypass | 2010-04-14 | 2018-10-30 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability." |
| 296 | CVE-2010-0811 | 94 | | Exec Code | 2010-06-08 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability." |
| 297 | CVE-2010-0807 | 94 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
| 298 | CVE-2010-0806 | 399 | | Exec Code Mem. Corr. | 2010-03-10 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability." |
| 299 | CVE-2010-0805 | 94 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." |
| 300 | CVE-2010-0719 | 20 | | DoS | 2010-02-26 | 2017-08-16 | 4.7 | None | Local | Medium | Not required | None | None | Complete | An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. |