Windows XP Security Vulnerabilities (page 9 of 15)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 401 | CVE-2009-1123 | 20 | | +Priv | 2009-06-10 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability." |
| 402 | CVE-2009-0568 | 264 | | | 2009-06-10 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." |
| 403 | CVE-2009-0555 | 94 | | Exec Code | 2009-10-14 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." |
| 404 | CVE-2009-0550 | | | Exec Code | 2009-04-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." |
| 405 | CVE-2009-0320 | 362 | | +Info | 2009-01-28 | 2018-10-11 | 4.0 | None | Local | High | Not required | Complete | None | None | Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack." |
| 406 | CVE-2009-0243 | 16 | | Exec Code | 2009-01-21 | 2009-01-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951. |
| 407 | CVE-2009-0235 | 119 | | Exec Code Overflow Mem. Corr. | 2009-04-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." |
| 408 | CVE-2009-0232 | 189 | | Exec Code Overflow | 2009-07-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." |
| 409 | CVE-2009-0231 | 119 | | Exec Code Overflow | 2009-07-15 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." |
| 410 | CVE-2009-0230 | 264 | | +Priv | 2009-06-10 | 2018-10-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." |
| 411 | CVE-2009-0229 | 200 | | +Info | 2009-06-10 | 2018-10-30 | 4.9 | None | Local | Low | Not required | Complete | None | None | The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." |
| 412 | CVE-2009-0119 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2009-01-14 | 2017-09-28 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file. |
| 413 | CVE-2009-0091 | 94 | | Exec Code | 2009-10-14 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." |
| 414 | CVE-2009-0090 | 264 | | Exec Code | 2009-10-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." |
| 415 | CVE-2009-0089 | 20 | | | 2009-04-15 | 2018-10-12 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." |
| 416 | CVE-2009-0088 | 20 | | Exec Code | 2009-04-15 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." |
| 417 | CVE-2009-0087 | | | Exec Code Mem. Corr. | 2009-04-15 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." |
| 418 | CVE-2009-0086 | 189 | | Exec Code | 2009-04-15 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." |
| 419 | CVE-2009-0085 | 287 | | | 2009-03-10 | 2018-10-12 | 7.1 | None | Remote | Medium | Not required | None | Complete | None | The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability." |
| 420 | CVE-2009-0083 | 20 | | +Priv | 2009-03-10 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability." |
| 421 | CVE-2009-0082 | 20 | | +Priv | 2009-03-10 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability." |
| 422 | CVE-2009-0081 | 20 | | Exec Code | 2009-03-10 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability." |
| 423 | CVE-2009-0079 | 264 | | +Priv | 2009-04-15 | 2018-10-12 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." |
| 424 | CVE-2009-0078 | 264 | | +Priv | 2009-04-15 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." |
| 425 | CVE-2008-4835 | 94 | | Exec Code | 2009-01-14 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." |
| 426 | CVE-2008-4834 | 119 | | Exec Code Overflow | 2009-01-14 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability." |
| 427 | CVE-2008-4609 | 16 | | DoS | 2008-10-20 | 2019-04-30 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. |
| 428 | CVE-2008-4327 | 189 | | DoS | 2008-09-30 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237. |
| 429 | CVE-2008-4323 | | | DoS | 2008-09-29 | 2017-09-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. |
| 430 | CVE-2008-4250 | 94 | | Exec Code Overflow | 2008-10-23 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." |
| 431 | CVE-2008-4114 | 399 | | DoS | 2008-09-16 | 2018-10-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability." |
| 432 | CVE-2008-4038 | 119 | | Exec Code Overflow | 2008-10-14 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." |
| 433 | CVE-2008-4036 | 189 | | Overflow +Priv | 2008-10-14 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." |
| 434 | CVE-2008-3648 | 94 | 1 | Exec Code | 2008-08-12 | 2017-08-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. |
| 435 | CVE-2008-3465 | 119 | | DoS Exec Code Overflow | 2008-12-10 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." |
| 436 | CVE-2008-3464 | 264 | | +Priv Bypass | 2008-10-14 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." |
| 437 | CVE-2008-3014 | 119 | | Exec Code Overflow | 2008-09-10 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability." |
| 438 | CVE-2008-3013 | 399 | | Exec Code | 2008-09-10 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." |
| 439 | CVE-2008-3012 | 119 | | Exec Code Overflow Mem. Corr. | 2008-09-10 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability." |
| 440 | CVE-2008-3008 | 119 | | Exec Code Overflow | 2008-09-10 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." |
| 441 | CVE-2008-2252 | 264 | | +Priv Mem. Corr. | 2008-10-14 | 2019-10-09 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." |
| 442 | CVE-2008-2251 | 399 | | +Priv | 2008-10-14 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. |
| 443 | CVE-2008-2250 | 264 | | +Priv | 2008-10-14 | 2018-10-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." |
| 444 | CVE-2008-2249 | 189 | | Exec Code Overflow | 2008-12-10 | 2018-10-12 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." |
| 445 | CVE-2008-2245 | 119 | | Exec Code Overflow | 2008-08-12 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. |
| 446 | CVE-2008-1457 | 20 | | Exec Code | 2008-08-13 | 2018-10-30 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. |
| 447 | CVE-2008-1456 | 20 | | Exec Code | 2008-08-13 | 2018-10-30 | 9.0 | Admin | Remote | Low | Single system | Complete | Complete | Complete | Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. |
| 448 | CVE-2008-1454 | | | | 2008-07-08 | 2018-10-12 | 9.4 | None | Remote | Low | Not required | None | Complete | Complete | Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447. |
| 449 | CVE-2008-1453 | 20 | | Exec Code | 2008-06-11 | 2018-10-12 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. |
| 450 | CVE-2008-1446 | 189 | | Exec Code Overflow | 2008-10-14 | 2019-07-03 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." |