Windows XP Security Vulnerabilities
Page 8 of 15
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|
351 | CVE-2009-3126 | 189 | | Exec Code Overflow | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft
Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,
Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer
2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007
Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web
2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting
Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted PNG
image file, aka "GDI+ PNG Integer Overflow Vulnerability." |
|
352 | CVE-2009-2653 | 264 | 1 | +Priv Bypass | 2009-08-03 | 2017-09-18 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial |
|
** DISPUTED ** The NtUserConsoleControl function in win32k.sys in
Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows
local administrators to bypass unspecified "security software" and gain
privileges via a crafted call that triggers an overwrite of an arbitrary
memory location. NOTE: the vendor disputes the significance of this
report, stating that 'the Administrator to SYSTEM "escalation" is not a
security boundary we defend.' |
|
353 | CVE-2009-2531 | 94 | | Exec Code Mem. Corr. | 2009-10-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
handle objects in memory, which allows remote attackers to execute
arbitrary code by accessing an object that (1) was not properly
initialized or (2) is deleted, leading to memory corruption, aka
"Uninitialized Memory Corruption Vulnerability," a different
vulnerability than CVE-2009-2530. |
|
354 | CVE-2009-2530 | 94 | | Exec Code Mem. Corr. | 2009-10-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly
handle objects in memory, which allows remote attackers to execute
arbitrary code by accessing an object that (1) was not properly
initialized or (2) is deleted, leading to memory corruption, aka
"Uninitialized Memory Corruption Vulnerability," a different
vulnerability than CVE-2009-2531. |
|
355 | CVE-2009-2529 | 94 | | Exec Code | 2009-10-14 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not
properly handle argument validation for unspecified variables, which
allows remote attackers to execute arbitrary code via a crafted HTML
document, aka "HTML Component Handling Vulnerability." |
|
356 | CVE-2009-2528 | 94 | | Exec Code Mem. Corr. | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
GDI+ in Microsoft Office XP SP3 does not properly handle malformed
objects in Office Art Property Tables, which allows remote attackers to
execute arbitrary code via a crafted Office document that triggers
memory corruption, aka "Memory Corruption Vulnerability." |
|
357 | CVE-2009-2525 | 94 | | Exec Code | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice
Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager
(ACM), does not properly initialize unspecified functions within
compressed audio files, which allows remote attackers to execute
arbitrary code via (1) a crafted media file or (2) crafted streaming
content, aka "Windows Media Runtime Heap Corruption Vulnerability." |
|
358 | CVE-2009-2524 | 189 | | DoS Overflow | 2009-10-14 | 2018-10-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
|
Integer underflow in the NTLM authentication feature in the Local
Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2
and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2,
Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote
attackers to cause a denial of service (reboot) via a malformed packet,
aka "Local Security Authority Subsystem Service Integer Overflow
Vulnerability." |
|
359 | CVE-2009-2519 | 94 | | Exec Code | 2009-09-08 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
The DHTML Editing Component ActiveX control in Microsoft Windows
2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format
HTML markup, which allows remote attackers to execute arbitrary code via
a crafted web site that triggers "system state" corruption, aka "DHTML
Editing Component ActiveX Control Vulnerability." |
|
360 | CVE-2009-2516 | 20 | | +Priv | 2009-10-14 | 2018-10-12 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly
validate data sent from user mode, which allows local users to gain
privileges via a crafted PE .exe file that triggers a NULL pointer
dereference during chain traversal, aka "Windows Kernel NULL Pointer
Dereference Vulnerability." |
|
361 | CVE-2009-2515 | 189 | | +Priv | 2009-10-14 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
|
Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP
SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008
Gold and SP2 allows local users to gain privileges via a crafted
application that triggers an incorrect truncation of a 64-bit integer to
a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
|
|
362 | CVE-2009-2514 | 94 | | Exec Code | 2009-11-11 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and
SP3, and Server 2003 SP2 does not correctly parse font code during
construction of a directory-entry table, which allows remote attackers
to execute arbitrary code via a crafted Embedded OpenType (EOT) font,
aka "Win32k EOT Parsing Vulnerability." |
|
363 | CVE-2009-2513 | 20 | | +Priv | 2009-11-11 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
|
The Graphics Device Interface (GDI) in win32k.sys in the kernel in
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista
Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly
validate user-mode input, which allows local users to gain privileges
via a crafted application, aka "Win32k Insufficient Data Validation
Vulnerability." |
|
364 | CVE-2009-2511 | 189 | | Overflow | 2009-10-14 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
|
Integer overflow in the CryptoAPI component in Microsoft Windows
2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista
Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
allows man-in-the-middle attackers to spoof arbitrary SSL servers and
other entities via an X.509 certificate that has a malformed ASN.1
Object Identifier (OID) and was issued by a legitimate Certification
Authority, aka "Integer Overflow in X.509 Object Identifiers
Vulnerability." |
|
365 | CVE-2009-2510 | 310 | | | 2009-10-14 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
|
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP
SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2,
Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by
Internet Explorer and other applications, does not properly handle a
'\0' character in a domain name in the subject's Common Name (CN) field
of an X.509 certificate, which allows man-in-the-middle attackers to
spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, aka "Null Truncation in X.509 Common
Name Vulnerability," a related issue to CVE-2009-2408. |
|
366 | CVE-2009-2507 | | | Mem. Corr. | 2009-10-14 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
A certain ActiveX control in the Indexing Service in Microsoft
Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly
process URLs, which allows remote attackers to execute arbitrary
programs via unspecified vectors that cause a "vulnerable binary" to
load and run, aka "Memory Corruption in Indexing Service Vulnerability."
|
|
367 | CVE-2009-2506 | 189 | | Exec Code Overflow | 2009-12-09 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Integer overflow in the text converters in Microsoft Office Word
2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in
Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote
attackers to execute arbitrary code via a DOC file with an invalid
number of property names in the DocumentSummaryInformation stream, which
triggers a heap-based buffer overflow. |
|
368 | CVE-2009-2504 | 189 | | Exec Code Overflow | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Multiple integer overflows in unspecified APIs in GDI+ in
Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2,
Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1,
Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office
System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word
Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold
and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1,
and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007
Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL
Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold
and SP1, and Forefront Client Security 1.0 allow remote attackers to
execute arbitrary code via (1) a crafted XAML browser application
(XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET
Framework application, aka "GDI+ .NET API Vulnerability." |
|
369 | CVE-2009-2503 | 94 | | Exec Code Mem. Corr. | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3,
Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft
Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,
Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer
2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007
Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web
2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting
Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does
not properly allocate an unspecified buffer, which allows remote
attackers to execute arbitrary code via a crafted TIFF image file that
triggers memory corruption, aka "GDI+ TIFF Memory Corruption
Vulnerability." |
|
370 | CVE-2009-2502 | 119 | | Exec Code Overflow | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft
Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,
Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer
2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007
Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web
2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting
Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted TIFF
image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." |
|
371 | CVE-2009-2501 | 119 | | Exec Code Overflow | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6
SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007
Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002
SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel
Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer
2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web
2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting
Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted PNG
image file, aka "GDI+ PNG Heap Overflow Vulnerability." |
|
372 | CVE-2009-2500 | 189 | | Exec Code Overflow | 2009-10-14 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft
Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,
Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer
2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007
Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and
PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web
2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting
Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted WMF
image file, aka "GDI+ WMF Integer Overflow Vulnerability." |
|
373 | CVE-2009-2499 | 94 | | Exec Code Mem. Corr. | 2009-09-08 | 2018-10-30 | 8.5 | Admin | Remote | Medium | Single system | Complete | Complete | Complete |
|
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and
Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and
Server 2008; allows remote attackers to execute arbitrary code via an
MP3 file with crafted metadata that triggers memory corruption, aka
"Windows Media Playback Memory Corruption Vulnerability." |
|
374 | CVE-2009-2498 | 94 | | Exec Code | 2009-09-08 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and
Windows Media Services 9.1 and 2008 do not properly parse malformed
headers in Advanced Systems Format (ASF) files, which allows remote
attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or
(3) .wma file, aka "Windows Media Header Parsing Invalid Free
Vulnerability." |
|
375 | CVE-2009-2497 | 94 | | Exec Code | 2009-10-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0,
2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not
properly handle interfaces, which allows remote attackers to execute
arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a
crafted Silverlight application, (3) a crafted ASP.NET application, or
(4) a crafted .NET Framework application, aka "Microsoft Silverlight and
Microsoft .NET Framework CLR Vulnerability." |
|
376 | CVE-2009-2494 | 94 | | Exec Code | 2009-08-12 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
|
The Active Template Library (ATL) in Microsoft Windows 2000 SP4,
XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server
2008 Gold and SP2 allows remote attackers to execute arbitrary code via
vectors related to erroneous free operations after reading a variant
from a stream and deleting this variant, aka "ATL Object Type Mismatch
Vulnerability." |
|
377 | CVE-2009-2493 | 264 | | Exec Code Bypass | 2009-07-29 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
The Active Template Library (ATL) in Microsoft Visual Studio .NET
2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++
2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3,
Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2;
does not properly restrict use of OleLoadFromStream in instantiating
objects from data streams, which allows remote attackers to execute
arbitrary code via a crafted HTML document with an ATL (1) component or
(2) control, related to ATL headers and bypassing security policies, aka
"ATL COM Initialization Vulnerability." |
|
378 | CVE-2009-2196 | | | | 2009-08-12 | 2009-08-18 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
|
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows
remote web servers to place an arbitrary web site in the Top Sites view,
and possibly conduct phishing attacks, via unknown vectors. |
|
379 | CVE-2009-1930 | 255 | | Exec Code | 2009-08-12 | 2018-10-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
|
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3,
Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2
allows remote Telnet servers to execute arbitrary code on a client
machine by replaying the NTLM credentials of a client user, aka "Telnet
Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
|
|
380 | CVE-2009-1929 | 119 | | Exec Code Overflow | 2009-08-12 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Heap-based buffer overflow in the Microsoft Terminal Services
Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or
SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows
remote attackers to execute arbitrary code via unspecified parameters
to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap
Overflow Vulnerability." |
|
381 | CVE-2009-1928 | 399 | | DoS Overflow | 2009-11-11 | 2019-04-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
|
Stack consumption vulnerability in the LDAP service in Active
Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server
2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows
XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight
Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows
remote attackers to cause a denial of service (system hang) via a
malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack
Overflow Vulnerability." |
|
382 | CVE-2009-1926 | | | DoS | 2009-09-08 | 2018-10-30 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
|
Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista
Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers
to cause a denial of service (TCP outage) via a series of TCP sessions
that have pending data and a (1) small or (2) zero receive window size,
and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka
"TCP/IP Orphaned Connections Vulnerability." |
|
383 | CVE-2009-1922 | 264 | | +Priv | 2009-08-12 | 2018-10-12 | 6.9 | Admin | Local | Medium | Not required | Complete | Complete | Complete |
|
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000
SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate
unspecified IOCTL request data from user mode before passing this data
to kernel mode, which allows local users to gain privileges via a
crafted request, aka "MSMQ Null Pointer Vulnerability." |
|
384 | CVE-2009-1920 | 94 | | Exec Code Mem. Corr. | 2009-09-08 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll
in Microsoft Windows, as used in Internet Explorer, does not properly
load decoded scripts into memory before execution, which allows remote
attackers to execute arbitrary code via a crafted web site that triggers
memory corruption, aka "JScript Remote Code Execution Vulnerability."
|
|
385 | CVE-2009-1919 | 94 | | Exec Code Mem. Corr. | 2009-07-29 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6
for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7
and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and
SP2, and Server 2008 Gold and SP2 do not properly handle attempts to
access deleted objects in memory, which allows remote attackers to
execute arbitrary code via an HTML document containing embedded style
sheets that modify unspecified rule properties that cause the behavior
element to be "improperly processed," aka "Uninitialized Memory
Corruption Vulnerability." |
|
386 | CVE-2009-1808 | | | DoS | 2009-05-28 | 2017-08-16 | 4.9 | None | Local | Low | Not required | None | None | Complete |
|
Microsoft Windows XP SP3 allows local users to cause a denial of
service (system crash) by making an SPI_SETDESKWALLPAPER
SystemParametersInfo call with an improperly terminated pvParam
argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
|
|
387 | CVE-2009-1547 | 94 | | Exec Code Mem. Corr. | 2009-10-14 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4,
6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a
crafted data stream header that triggers memory corruption, aka "Data
Stream Header Corruption Vulnerability." |
|
388 | CVE-2009-1546 | 189 | | DoS Exec Code Overflow | 2009-08-12 | 2018-10-30 | 8.5 | Admin | Remote | Medium | Single system | Complete | Complete | Complete |
|
Integer overflow in Avifil32.dll in the Windows Media file
handling functionality in Microsoft Windows allows remote attackers to
execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI
file, or cause a denial of service on a Windows XP SP2 or SP3, Server
2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via
a crafted AVI file, aka "AVI Integer Overflow Vulnerability." |
|
389 | CVE-2009-1545 | 94 | | Exec Code | 2009-08-12 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Unspecified vulnerability in Avifil32.dll in the Windows Media
file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and
SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and
SP2 allows remote attackers to execute arbitrary code via a malformed
header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
|
|
390 | CVE-2009-1544 | 399 | | DoS +Priv Mem. Corr. | 2009-08-12 | 2018-10-30 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete |
|
Double free vulnerability in the Workstation service in Microsoft
Windows allows remote authenticated users to gain privileges via a
crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2
system, or cause a denial of service via a crafted RPC message to a
Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka
"Workstation Service Memory Corruption Vulnerability." |
|
391 | CVE-2009-1539 | 94 | | Exec Code | 2009-07-15 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in
Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2
and SP3, and Windows Server 2003 SP2 does not properly validate
unspecified size fields in QuickTime media files, which allows remote
attackers to execute arbitrary code via a crafted file, aka "DirectX
Size Validation Vulnerability." |
|
392 | CVE-2009-1538 | 20 | | Exec Code | 2009-07-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in
Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2
and SP3, and Windows Server 2003 SP2 performs updates to pointers
without properly validating unspecified data values, which allows remote
attackers to execute arbitrary code via a crafted QuickTime media file,
aka "DirectX Pointer Validation Vulnerability." |
|
393 | CVE-2009-1537 | | | Exec Code | 2009-05-29 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
|
Unspecified vulnerability in the QuickTime Movie Parser Filter in
quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on
Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2
allows remote attackers to execute arbitrary code via a crafted
QuickTime media file, as exploited in the wild in May 2009, aka "DirectX
NULL Byte Overwrite Vulnerability." |
|
394 | CVE-2009-1511 | 399 | | DoS | 2009-05-01 | 2017-09-28 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
|
GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a
denial of service (infinite loop) via a PNG file that contains a
certain large btChunkLen value. |
|
395 | CVE-2009-1217 | 189 | | DoS Overflow | 2009-04-01 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
|
Off-by-one error in the GpFont::SetData function in gdiplus.dll in
Microsoft GDI+ on Windows XP allows remote attackers to cause a denial
of service (stack corruption and application termination) via a crafted
EMF file that triggers an integer overflow, as demonstrated by
voltage-exploit.emf, aka the "Microsoft GdiPlus EMF GpFont.SetData
integer overflow." |
|
396 | CVE-2009-1133 | 119 | | Exec Code Overflow | 2009-08-12 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete |
|
Heap-based buffer overflow in Microsoft Remote Desktop Connection
(formerly Terminal Services Client) running RDP 5.0 through 6.1 on
Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote
attackers to execute arbitrary code via unspecified parameters, aka
"Remote Desktop Connection Heap Overflow Vulnerability." |
|
397 | CVE-2009-1127 | 20 | | +Priv | 2009-11-11 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
|
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and
SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold
and SP2 does not correctly validate an argument to an unspecified system
call, which allows local users to gain privileges via a crafted
application that triggers a NULL pointer dereference, aka "Win32k NULL
Pointer Dereferencing Vulnerability." |
|
398 | CVE-2009-1126 | 20 | | +Priv | 2009-06-10 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and
Server 2003 SP2 does not properly validate the user-mode input
associated with the editing of an unspecified desktop parameter, which
allows local users to gain privileges via a crafted application, aka
"Windows Desktop Parameter Edit Vulnerability." |
|
399 | CVE-2009-1125 | 20 | | +Priv | 2009-06-10 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not
properly validate an argument to an unspecified system call, which
allows local users to gain privileges via a crafted application, aka
"Windows Driver Class Registration Vulnerability." |
|
400 | CVE-2009-1124 | 20 | | +Priv | 2009-06-10 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete |
|
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not
properly validate user-mode pointers in unspecified error conditions,
which allows local users to gain privileges via a crafted application,
aka "Windows Kernel Pointer Validation Vulnerability." |
|
|