VYPR

Windows Xp

by Microsoft

CVEs (744)

  • CVE-2007-0069Jan 8, 2008
    risk 0.04cvss epss 0.49

    Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka…

  • CVE-2007-4676Nov 7, 2007
    risk 0.04cvss epss 0.47

    Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.

  • CVE-2007-4677Nov 7, 2007
    risk 0.04cvss epss 0.47

    Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.

  • CVE-2007-1912Apr 10, 2007
    risk 0.04cvss epss 0.14

    Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.

  • CVE-2007-1492Mar 16, 2007
    risk 0.04cvss epss 0.14

    winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

  • CVE-2006-6797Dec 28, 2006
    risk 0.04cvss epss 0.07

    The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than…

  • CVE-2006-6659Dec 20, 2006
    risk 0.04cvss epss 0.16

    The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

  • CVE-2006-6601Dec 15, 2006
    risk 0.04cvss epss 0.17

    Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields…

  • CVE-2006-6602Dec 15, 2006
    risk 0.04cvss epss 0.14

    explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.

  • CVE-2006-5758Nov 6, 2006
    risk 0.04cvss epss 0.06

    The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local…

  • CVE-2005-4717Dec 31, 2005
    risk 0.04cvss epss 0.19

    Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that…

  • CVE-2005-2122Oct 21, 2005
    risk 0.04cvss epss 0.43

    Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a…

  • CVE-2005-2118Oct 21, 2005
    risk 0.04cvss epss 0.46

    Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties…

  • CVE-2005-1984Aug 10, 2005
    risk 0.04cvss epss 0.55

    Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.

  • CVE-2005-1208Jun 14, 2005
    risk 0.04cvss epss 0.47

    Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using…

  • CVE-2005-0904May 2, 2005
    risk 0.04cvss epss 0.07

    Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.

  • CVE-2005-0051May 2, 2005
    risk 0.04cvss epss 0.47

    The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."

  • CVE-2004-1623Oct 22, 2004
    risk 0.04cvss epss 0.19

    The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.

  • CVE-2004-0201Aug 6, 2004
    risk 0.04cvss epss 0.45

    Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

  • CVE-2004-0474Jul 7, 2004
    risk 0.04cvss epss 0.16

    Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.

Page 12 of 38