Windows XP Security Vulnerabilities (Page 7 of 15)
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 301 | CVE-2010-0555 | | | Bypass | 2010-02-04 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448. |
| 302 | CVE-2010-0494 | 200 | | XSS Bypass +Info | 2010-03-31 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." |
| 303 | CVE-2010-0492 | 94 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." |
| 304 | CVE-2010-0491 | 399 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." |
| 305 | CVE-2010-0490 | 94 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." |
| 306 | CVE-2010-0489 | 362 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." |
| 307 | CVE-2010-0488 | 200 | | Bypass +Info | 2010-03-31 | 2018-10-12 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." |
| 308 | CVE-2010-0487 | 20 | | Exec Code | 2010-04-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability." |
| 309 | CVE-2010-0486 | 20 | | Exec Code | 2010-04-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability." |
| 310 | CVE-2010-0485 | 20 | | Exec Code | 2010-06-08 | 2018-10-30 | 6.8 | Admin | Local | Low | Single system | Complete | Complete | Complete |
| The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability." |
| 311 | CVE-2010-0484 | 20 | | Exec Code | 2010-06-08 | 2018-10-12 | 6.8 | Admin | Local | Low | Single system | Complete | Complete | Complete |
| The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability." |
| 312 | CVE-2010-0483 | 94 | | Exec Code | 2010-03-03 | 2018-10-12 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete |
| vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." |
| 313 | CVE-2010-0480 | 119 | | Exec Code Overflow | 2010-04-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability." |
| 314 | CVE-2010-0379 | | | Exec Code | 2010-01-21 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX control in Adobe Flash Player 6, as distributed in Microsoft Windows XP SP2 and SP3, might allow remote attackers to execute arbitrary code via unspecified vectors that are not related to the use-after-free "Movie Unloading Vulnerability" (CVE-2010-0378). NOTE: due to lack of details, it is not clear whether this overlaps any other CVE item. |
| 315 | CVE-2010-0378 | | | Exec Code Mem. Corr. | 2010-01-21 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory corruption, aka a "Movie Unloading Vulnerability." |
| 316 | CVE-2010-0269 | 399 | | Exec Code | 2010-04-14 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability." |
| 317 | CVE-2010-0268 | | | Exec Code | 2010-04-14 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability." |
| 318 | CVE-2010-0267 | 94 | | Exec Code Mem. Corr. | 2010-03-31 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." |
| 319 | CVE-2010-0265 | 119 | | Exec Code Overflow | 2010-03-10 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." |
| 320 | CVE-2010-0252 | 94 | | Exec Code | 2010-02-10 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability." |
| 321 | CVE-2010-0250 | 119 | | Exec Code Overflow | 2010-02-10 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability." |
| 322 | CVE-2010-0238 | 20 | | DoS | 2010-04-14 | 2018-10-12 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." |
| 323 | CVE-2010-0237 | 264 | | +Priv | 2010-04-14 | 2018-10-12 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete |
| The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability." |
| 324 | CVE-2010-0236 | 399 | | +Priv | 2010-04-14 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability." |
| 325 | CVE-2010-0235 | 20 | | DoS | 2010-04-14 | 2018-10-12 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." |
| 326 | CVE-2010-0234 | 20 | | DoS | 2010-04-14 | 2018-10-30 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." |
| 327 | CVE-2010-0233 | | | +Priv | 2010-02-10 | 2018-10-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
| Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." |
| 328 | CVE-2010-0232 | 264 | | +Priv | 2010-01-21 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability." |
| 329 | CVE-2010-0231 | 264 | | | 2010-02-10 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." |
| 330 | CVE-2010-0028 | 189 | | Exec Code Overflow | 2010-02-10 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability." |
| 331 | CVE-2010-0027 | 94 | | | 2010-01-22 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability." |
| 332 | CVE-2010-0025 | 200 | | +Info | 2010-04-14 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." |
| 333 | CVE-2010-0024 | 20 | | DoS | 2010-04-14 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." |
| 334 | CVE-2010-0023 | 264 | | +Priv +Info | 2010-02-10 | 2018-10-12 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete |
| The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." |
| 335 | CVE-2010-0022 | 20 | | DoS | 2010-02-10 | 2018-10-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." |
| 336 | CVE-2010-0021 | 362 | | DoS Mem. Corr. | 2010-02-10 | 2018-10-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
| Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." |
| 337 | CVE-2010-0020 | 20 | | Exec Code Overflow | 2010-02-10 | 2018-10-30 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete |
| The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." |
| 338 | CVE-2010-0018 | 189 | | Exec Code Overflow | 2010-01-13 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability." |
| 339 | CVE-2010-0016 | 20 | | Exec Code | 2010-02-10 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
| The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability." |
| 340 | CVE-2009-4313 | 119 | | DoS Exec Code Overflow | 2009-12-12 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file. |
| 341 | CVE-2009-4312 | 94 | | Exec Code | 2009-12-12 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe. |
| 342 | CVE-2009-4311 | 94 | | Exec Code | 2009-12-12 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615. |
| 343 | CVE-2009-4310 | 119 | | Exec Code Overflow | 2009-12-12 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. |
| 344 | CVE-2009-4309 | 119 | | Exec Code Overflow | 2009-12-12 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file. |
| 345 | CVE-2009-4210 | 94 | | DoS Mem. Corr. | 2009-12-12 | 2018-10-10 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content. |
| 346 | CVE-2009-3677 | 94 | | Bypass | 2009-12-09 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability." |
| 347 | CVE-2009-3675 | 399 | | DoS | 2009-12-09 | 2018-10-30 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
| LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." |
| 348 | CVE-2009-3674 | 399 | | Exec Code Mem. Corr. | 2009-12-09 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671. |
| 349 | CVE-2009-3673 | 94 | | Exec Code Mem. Corr. | 2009-12-09 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." |
| 350 | CVE-2009-3671 | 399 | | Exec Code Mem. Corr. | 2009-12-09 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674. |