VYPR

Windows Xp

by Microsoft

CVEs (744)

  • CVE-2006-0020Jan 10, 2006
    risk 0.02cvss epss 0.18

    An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file…

  • CVE-2005-1212Jun 14, 2005
    risk 0.02cvss epss 0.25

    Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

  • CVE-2005-1935Jun 13, 2005
    risk 0.02cvss epss 0.27

    Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously…

  • CVE-2004-0571Jan 10, 2005
    risk 0.02cvss epss 0.31

    Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability…

  • CVE-2004-1049Dec 31, 2004
    risk 0.02cvss epss 0.30

    Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling…

  • CVE-2004-1361Dec 23, 2004
    risk 0.02cvss epss 0.20

    Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

  • CVE-2004-1319Dec 15, 2004
    risk 0.02cvss epss 0.26

    The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using…

  • CVE-2004-0840Nov 3, 2004
    risk 0.02cvss epss 0.30

    The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a…

  • CVE-2004-0202Aug 6, 2004
    risk 0.02cvss epss 0.26

    IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

  • CVE-2004-0199Jun 14, 2004
    risk 0.02cvss epss 0.26

    Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

  • CVE-2004-0117Jun 1, 2004
    risk 0.02cvss epss 0.26

    Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.

  • CVE-2004-0123Jun 1, 2004
    risk 0.02cvss epss 0.30

    Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2003-0909Jun 1, 2004
    risk 0.02cvss epss 0.21

    Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."

  • CVE-2003-0906Jun 1, 2004
    risk 0.02cvss epss 0.25

    Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.

  • CVE-2003-0907Jun 1, 2004
    risk 0.02cvss epss 0.22

    Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

  • CVE-2004-0124Jun 1, 2004
    risk 0.02cvss epss 0.21

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

  • CVE-2003-0660Nov 17, 2003
    risk 0.02cvss epss 0.23

    The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.

  • CVE-2003-0661Oct 20, 2003
    risk 0.02cvss epss 0.22

    The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.

  • CVE-2003-0010Mar 24, 2003
    risk 0.02cvss epss 0.24

    Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that…

  • CVE-2002-1327Dec 26, 2002
    risk 0.02cvss epss 0.23

    Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

Page 23 of 38